Alert correlation

Pouget, Fabien;Dacier, Marc
Research report RR-03-094

In this paper, we report on an experiment run with three alert correlation tools at Eurecom. The motivation for this work is our wish to experiment with three tools representative of the three categories we previously defined in [PoDa03]. A testbed was developed to compare them and to evaluate their capabilities. We describe each tool in detail, as well as their installation procedures. We then present our testbed and discuss the results obtained and the lessons learned from these experiments.


Type:
Report
Date:
2003-12-29
Department:
Digital Security
Eurecom Ref:
1291
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research report RR-03-094 and is available at :
PERMALINK : https://www.eurecom.fr/publication/1291