Hello friends, this post loosely follows this one: https://sourceforge.net/p/simple-evcorr/mailman/message/36867007/.
Being a monitoring consultant and developer, I have an idea to hide the complexity of SEC configurations and still allow "regular" administrators without any developer or SEC background to configure it. Imagined concept illustration:

[configuration DB] -> [generator(s)] -> [SEC configurations]

The punch line is that the user won't need to know anything about SEC, but will need to understand the logic of the correlations employed and their parameters (the configuration DB may have some kind of GUI). In the background, higher-level correlations will be translated to the respective SEC rules.

Maybe there exists something similar to what is described - if somebody knows about something, I'd like it if he or she would navigate me to it. If it does not exist, maybe this is a potential opportunity for implementation, and this way SEC could also be propagated more, as a still-alive alternative to other, newer solutions usable for event correlation, e.g. based on ELK (I see a big advantage of SEC in that it does not need separate application infrastructure for log collection and processing).

Any opinions about this topic?

Richard
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
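As an added illustration of the generator step sketched in the post (example code, not from the post or from the SEC project itself): a small Python generator that renders a constructed in-memory "configuration DB" into SEC rules. The correlation kinds ("threshold", "suppress") and their parameter names are assumptions of this example; the emitted keys (type, ptype, pattern, desc, action, window, thresh) are standard SEC rule fields.

```python
import re

# Constructed stand-in for the "configuration DB" from the post: each entry
# is a high-level correlation an administrator could fill in without SEC knowledge.
CORRELATION_DB = [
    {"id": "ssh_bruteforce", "kind": "threshold",
     "event": r"sshd\[\d+\]: Failed password for (\S+) from (\S+)",
     "key": "$2", "count": 5, "seconds": 60,
     "message": "Possible brute force from $2 (user $1)"},
    {"id": "disk_full_dedup", "kind": "suppress",
     "event": r"kernel: .*No space left on device", "key": "",
     "seconds": 300, "message": "Disk full (repeats suppressed for 5 min)"},
]

def _check(entry):
    """Reject bad entries here so a broken regex never reaches SEC."""
    try:
        re.compile(entry["event"])
    except re.error as exc:
        raise ValueError(f"{entry['id']}: invalid regex: {exc}") from exc
    if entry["seconds"] < 1 or entry.get("count", 1) < 1:
        raise ValueError(f"{entry['id']}: count and seconds must be positive")

def _common(entry, rule_type):
    # desc is SEC's correlation key: combining the id with a captured group ($2)
    # gives one counter per source host, which is what the administrator meant.
    return [f"type={rule_type}", "ptype=RegExp", f"pattern={entry['event']}",
            f"desc={entry['id']} {entry['key']}".rstrip(),
            f"action=write - {entry['message']}", f"window={entry['seconds']}"]

def gen_threshold(entry):
    """N matching events within T seconds -> SEC SingleWithThreshold."""
    _check(entry)
    return "\n".join(_common(entry, "SingleWithThreshold") + [f"thresh={entry['count']}"])

def gen_suppress(entry):
    """Act on the first event, ignore repeats for T seconds -> SEC SingleWithSuppress."""
    _check(entry)
    return "\n".join(_common(entry, "SingleWithSuppress"))

GENERATORS = {"threshold": gen_threshold, "suppress": gen_suppress}

def generate(db=CORRELATION_DB):
    """Render the whole DB into one SEC configuration file body."""
    return "\n\n".join(GENERATORS[e["kind"]](e) for e in db) + "\n"

if __name__ == "__main__":
    print(generate(), end="")
```

Run it and redirect the output to a file that is passed to SEC with `-conf`; a new correlation kind is added by writing one more `gen_*` function and registering it in `GENERATORS`.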