Posted to alois-dev@incubator.apache.org by "Marcus Holthaus (IMSEC)" <Ma...@imsec.ch> on 2011/01/16 21:37:11 UTC

Slight rework of apache alois paper for IMF 2011

Hi all

I just made a few modifications to the excellent text prepared by Urs Lerch.
Most of them are little corrections regarding system details probably unknown
to Urs (my history with the tool is longer), some are in respect to the
existing fields of use and the potentials for forensic applications, and some
just represent differing feelings on how to formulate an English essay.

One thing I cannot handle myself: Urs's figure 2 misses four components:
a) An arrow from "dobby" to "lizard", implying message data flow for message
analysis and correlation
b) an arrow from "lizard" to "reptor" (not "reporter"), indicating message flow
for reports and alarms
c) an arrow from "prisma" to "lizard", indicating the flow of messages for
which there is no input filter (prisma) yet, but which can be analysed all the
same
d) an "s" in "prisma"

Urs: Could you correct that, please?

Thanks

-- Marcus

-- 

-- Dr. Marcus Holthaus
-- IMSEC GmbH, Sonnhaldenstrasse 87, CH 6331 Hünenberg
-- +41 41 780 00 11, marcus.holthaus@imsec.ch
-- The primary second opinion on IT security
-- Please Use OpenPGP key FDBD17F2 to encrypt your mail to me.


Re: Slight rework of apache alois paper for IMF 2011

Posted by Urs Lerch <ma...@ulerch.net>.
Hi Marcus

> One thing I cannot handle myself: Urs's figure 2 misses four components:
> a) An arrow from "dobby" to "lizard", implying message data flow for message
> analysis and correlation
> b) an arrow from "lizard" to "reptor" (not "reporter"), indicating message flow
> for reports and alarms
> c) an arrow from "prisma" to "lizard", indicating the flow of messages for
> which there is no input filter (prisma) yet, but which can be analysed all the
> same
> d) an "s" in "prisma"

I reused this figure of IMSEC, so these errors have a rather long history.
Since I only have the PNG and not the original drawing, I cannot correct
this in a few seconds, but need to completely redraw it. I therefore think
that I won't be able to do this today. But I will correct it in the final
version.

Best,
Urs