- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
A Framework to Collect Security Events for Intrusion Analysis
- Abstract
- It becomes a problem when you have several firewalls, intrusion sensors or servers and to top it off, not all firewalls and intrusion sensors generate logs in a standard format. This means you may need several tools to analyze data maybe even one tool per each device per vendor. This can be a mess. This paper assumes you need a way to consolidate event logs from these devices and present them to the people who are chartered to analyze and take action wn an efficient manner.