incubator-alois-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Alois Wiki] Trivial Update of "IMF2011" by UrsLerch
Date Sun, 16 Jan 2011 20:23:58 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Alois Wiki" for change notification.

The "IMF2011" page has been changed by UrsLerch.
The comment on this change is: 2 Titles modified.
http://wiki.apache.org/alois/IMF2011?action=diff&rev1=19&rev2=20

--------------------------------------------------

  
  The term Security Information Event Management (SIEM) describes the capabilities of gathering,
analyzing and presenting information from very different sources as network and security devices,
identity and access management applications, operating system, database and application logs
and even external threat data. While the sources are at least partly very different from those
of computer forensics, the capabilities are almost the same!
  
- == Architecture of Apache ALOIS ==
+ == The Architecture of Apache ALOIS ==
  Apache ALOIS consists of five modules interacting to ensure a scaleable functionality of
a SIEM:
  
   * Insink is the message sink, which is the receiving entry point  for all the different
log messages into Apache ALOIS. It is partly  based on the syslog-ng software. Insink listens
for messages (UDP),  waits for messages (TCP), receives message collections (files, emails)
 and pre-filters them to prevent from message flow overload.
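Review bot: changing "Architecture of Apache ALOIS" to "The Architecture of Apache ALOIS" makes this the only heading in the diff with a leading article; the neighbouring headings "Conclusion" and "References" have none, so the shorter form is the consistent choice. Since this section is being edited anyway, the context lines carry wording worth fixing in the same pass: "scaleable" should be "scalable", and "pre-filters them to prevent from message flow overload" reads better as "pre-filters them to prevent message flow overload". The Insink paragraph would also benefit from one sentence on what the pre-filter discards under load, because that is the point at which log evidence can be dropped before it ever reaches correlation, and a reader evaluating the system for forensic use needs to know it.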
@@ -67, +67 @@

  
  Therefore, it will not only be easy to connect a - proprietary or open source - application
to the system. It will also be possible to replace one or another standard moduls of Apache
ALOIS with the one that fits better the own special needs.
  
- == Conclusions ==
+ == Conclusion ==
  Computer forensics is a domain with highly specialised tools from numerous vendors. What
is lacking is an integration platform, where all the data come together and therefore can
be correlated. Apache ALOIS is a SIEM and has already build in correlation. Since it is open
source software, it could be extended to a computer forensics cross-software platform, that
is vendor independent. Moreover, the fact that the software project is part of the Apache
community, guarantees its independence, a commercial-friendly licence and a healthy development.
  
  == References ==
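Review bot: "Conclusions" to "Conclusion" is fine, but the context lines of this hunk contain errors the same edit could fix: "standard moduls" should be "standard modules", "has already build in correlation" should be "has correlation already built in", "fits better the own special needs" should be "better fits one's own needs", the comma in "cross-software platform, that is vendor independent" should go, and the comma in "part of the Apache community, guarantees" separates the subject from its verb. The "== References ==" heading closes the visible hunk with nothing beneath it; the conclusion claims that computer forensics lacks an integration platform and that ALOIS already has correlation built in, and both claims would be stronger with a citation listed there.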
