Playing catch-up on analytic technology
Computer World has an interesting article on Playing catch-up on analytic technology.
A while back on the loganalysis mailing list there was a long thread of discussion on the “most popular reports”. Adrian Grigorof from EventID was nice enough to compile the list of reports from the discussion thread.
Any good log analysis software should be able to provide two different views: microscopic and telescopic. Under a microscope, the user should be able to see all the nitty-gritty details of an event or incident. An event under a microscope should show details of the fields that make up that event. For example, if you [...]
Unfortunately I can’t remember where I found this quote, but it’s the best definition of Operational Intelligence I have seen: Operational intelligence should be focused on patterns of activity, trends, and indications of future intentions. If you know the origin of the definition, please let me know.
Aside from the technical or operational mistakes mentioned in this article, there are also business mistakes that organizations can make in their implementation of the log analysis infrastructure/product. Below are five common mistakes that are commonly seen in organizations. 1. Lack of clear understanding of the values Return on Investment (ROI) is usually a metric [...]
Many log analysis vendors have spent a lot of time trying to make their graphs and reports look flashy and colorful. Does that really help you in understanding your logs better? Sure, they demo well. But some vendors are so obsessed with 3D graphs and other flashy aspects of the GUI that they miss the [...]
RDEP, or Remote Data Exchange Protocol, is a proprietary application-level communications protocol created by Cisco for their Secure IDS version 4 product. (Version 3 of the Cisco Secure IDS uses the Postoffice protocol, which is not covered here.) RDEP is mainly a request/response protocol utilizing the HTTP/1.1 protocol. RDEP can run over both encrypted (TLS/SSL) [...]
I share the same pain as Paul Chaney. Ever since I started my blog on 10/1, I have been getting a ton of comment spam. In the beginning I just turned on comment approval in WordPress so no spam is posted; however, I was getting so much spam it became a huge hassle to go through [...]
Intelligent Enterprise’s latest issue has an article on Data Quality Discipline. It talked about how data quality and extract, transform and load (ETL) are tied together by describing the transformation explosion and analytics thrashing that occurs with poorly understood source data. There are many issues that the BI community encounters during the ETL of data [...]
So I got a question for everyone. Why hasn’t the SIM or log analysis market consolidated? The SIM market is about 5 years old now. There are many players in this field, both pure SIM players and players expanding into the SIM space. Some of the pure players include ArcSight, netForensics, Open Service, e-Security, GuardedNet [...]