[Owasp-appsensor-project] DHS & Georgia Tech Grant Funding Potential

Dennis Groves dennis.groves at gmail.com
Tue Aug 13 00:20:59 UTC 2013


wow, yeah - great post….

On 12 Aug 2013, at 17:10, Jim Manico wrote:

> Whoa, +1 Ryan!
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Aug 12, 2013, at 7:45 PM, Ryan Barnett <ryan.barnett at owasp.org> wrote:
>
> To John's point about reporting and visualization - we have similar issues
> on the ModSecurity front, considering that we have implemented many
> AppSensor detection points within the OWASP ModSecurity CRS. We currently
> mainly use a tool called the audit console and it accepts ModSecurity audit
> log data.
>
> http://www.jwall.org/web/audit/console/index.jsp
>
> You can search and sort in a variety of ways; however, in general I feel that
> there is much to do with regards to making these events meaningful for a
> security analyst.
>
> I don't really like the per-transaction views of most WAF alert data. I
> prefer more of an attacker-sequence view that shows paths of attacks or
> profiles the attacker a bit more. I actually like what Mykonos did with
> their dashboard -
> http://www.mykonossoftware.com/profile-the-attacker.php
>
> I guess my point is that I agree that we need a better dashboard for these
> events but I am not sure if building one from scratch is the best use of
> time and resources. We could consider contributing to Audit Console to add
> features we need.
>
> --
> Ryan Barnett


[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a meeting](http://goo.gl/8sPIy).

     "Unless someone like you...cares a whole awful lot...
     nothing is going to get better...It's not."
                                             -- The Lorax

