Alert Correlation

Alert correlation is a type of log analysis. It focuses on the process of clustering alerts (events), generated by NIDS and HIDS computer systems, to form higher-level pieces of information. An example of simple alert correlation is grouping invalid login attempts to report a single incident like "10000 invalid login attempts on host X".
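The grouping described above can be sketched as follows. This is an added example, not code from any of the tools listed on this page; the alert tuple layout, the `Incident` and `correlate` names, and the rule that a five-minute gap starts a new incident are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts (time, sensor, host, signature); not real sensor output.
SAMPLE_ALERTS = [
    ("2024-01-01T10:00:00", "HIDS", "hostX", "invalid login"),
    ("2024-01-01T10:00:05", "NIDS", "hostX", "invalid login"),
    ("2024-01-01T10:00:09", "HIDS", "hostX", "invalid login"),
    ("2024-01-01T10:00:07", "NIDS", "hostY", "port scan"),
    ("2024-01-01T12:30:00", "HIDS", "hostX", "invalid login"),
]

@dataclass
class Incident:
    host: str
    signature: str
    first: datetime
    last: datetime
    count: int = 0
    sensors: set = field(default_factory=set)

    def summary(self):
        return f"{self.count} {self.signature} alert(s) on host {self.host}"

def correlate(alerts, max_gap=timedelta(minutes=5)):
    """Cluster alerts sharing host and signature; a gap longer than
    max_gap between consecutive alerts starts a new incident (assumed rule)."""
    by_key = defaultdict(list)
    for ts, sensor, host, sig in alerts:
        by_key[(host, sig)].append((datetime.fromisoformat(ts), sensor))
    incidents = []
    for (host, sig), items in by_key.items():
        items.sort()  # sensors may deliver alerts out of order
        current = None
        for ts, sensor in items:
            if current is None or ts - current.last > max_gap:
                current = Incident(host, sig, ts, ts)
                incidents.append(current)
            current.last = ts
            current.count += 1
            current.sensors.add(sensor)
    return sorted(incidents, key=lambda i: (i.first, i.host))

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc.first.isoformat(), inc.summary(), sorted(inc.sensors))
```

The choice of `max_gap` decides whether a later burst is reported as a continuation of the same incident or as a new one, so it should match how the sensors batch and delay their alerts.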


See also

* ACARM
* ACARM-ng
* OSSIM
* Prelude Hybrid IDS
* Snort