Difference between revisions of "Swatch replacement"
From Finninday
| Line 1: | Line 1: | ||
| + | [[Category: Computers]] | ||
Thursday, May 12th, 2005 | Thursday, May 12th, 2005 | ||
I just learned that what I wanted to do with swatch is really event correlation. Imagine that. I just wanted to identify similar attacks from the same source within a window of time to automatically respond to them. | I just learned that what I wanted to do with swatch is really event correlation. Imagine that. I just wanted to identify similar attacks from the same source within a window of time to automatically respond to them. | ||
Swatch is a favorite old tool of mine and I tried to make it work for this task, but I just couldn’t get the threshhold feature to work. So I looked around and found Simple Event Correlation. Very nice. But way more complex than I would like. Oh well, I just need a good article with lots of examples to help me understand it. | Swatch is a favorite old tool of mine and I tried to make it work for this task, but I just couldn’t get the threshhold feature to work. So I looked around and found Simple Event Correlation. Very nice. But way more complex than I would like. Oh well, I just need a good article with lots of examples to help me understand it. | ||
Latest revision as of 23:43, 29 November 2007
Thursday, May 12th, 2005
I just learned that what I wanted to do with swatch is really event correlation. Imagine that. I just wanted to identify similar attacks from the same source within a window of time to automatically respond to them. Swatch is a favorite old tool of mine and I tried to make it work for this task, but I just couldn’t get the threshhold feature to work. So I looked around and found Simple Event Correlation. Very nice. But way more complex than I would like. Oh well, I just need a good article with lots of examples to help me understand it.
