Hi William,
I would suggest the following documents to you:

Log analysis for intrusion detection:
http://www.ossec.net/en/loganalysis.html

NIST guide to log management:
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

There are probably many more interesting docs, but I couldn't find them right now. Does anyone else have any to share? It would be nice to have an entry in the wiki with all of them...

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 3/30/07, william maddler <[EMAIL PROTECTED]> wrote:
Hi all,
could anyone point to some good existing documents about correlation best practices and/or white papers?
Thank you all.
William
