Alert correlation

From HandWiki

Revision as of 07:37, 27 June 2023 by John Stpola (talk | contribs) (correction)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Short description: Type of log analysis

Alert correlation is a type of log analysis. It focuses on the process of clustering alerts (events), generated by NIDS and HIDS computer systems, to form higher-level pieces of information.

Example of simple alert correlation is grouping invalid login attempts to report single incident like "10000 invalid login attempts on host X".

See also

ACARM
ACARM-ng
OSSIM
Prelude Hybrid IDS
Snort

This article needs additional or more specific categories. Please help out by adding categories to it so that it can be listed with similar articles. (March 2023)

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Alert correlation. Read more

Retrieved from "https://handwiki.org/wiki/index.php?title=Alert_correlation&oldid=3007895"

Hidden category:

Articles with invalid date parameter in template