A Dynamically Configurable Log-Based Distributed Security Event Detection Methodology Using Simple Event Correlator

En savoir plus sur le livre

Focusing on the advantages of distributed event correlation for security event detection, this research compares it with centralized methods, highlighting the latter's limitations such as high bandwidth use and resource demands. The study evaluates metrics like network utilization and detection capabilities, demonstrating that distributed correlation can significantly reduce syslog traffic and improve database performance. By implementing remote configuration scripts and correlating various log sources, the analysis showcases a 99% reduction in traffic and enhanced efficiency in high-accountability scenarios.