Security Monitoring (book)

by Chris Fry, Martin Nystrom
February 2009
Content level: Intermediate to advanced
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

Chapter 6. Feed and Tune

You awaken to find yourself adrift on a raft in the middle of the Atlantic Ocean. The sun is blazing and you are incredibly thirsty. You look around you and see that you are surrounded by cool water, but it is saltwater, not the freshwater you so desperately need. The abundance of the wrong kind of water is akin to the deluge of useless messages experienced from untuned security alert sources such as NIDS, syslog, and application logs. Instead of useful, actionable security alerts, the lifeblood of incident response, you get a mouthful of saltwater in the form of 2 million NIDS alerts a day. An untuned security event source will generate alerts irrelevant to your policies, quickly overwhelm your security monitoring staff, and reduce the availability of useful data in your collection systems. A properly tuned data source is core to your successful security monitoring, and in this chapter, we’ll show you how to accomplish that.

We’ve defined our policies, documented knowledge of our network, and selected targets with event sources. Now we must convert this metadata into actionable incidents by mastering detection technology. We’ll explain this central concept by first introducing a network intrusion detection framework. This framework will guide our deployment and tuning, building on the data we’ve gathered in previous chapters. We will follow that framework by showing how to use custom NetFlow queries with automated reporting to catch violation of security ...



Publisher Resources

ISBN: 9780596157944