[Owasp-appsensor-project] DHS & Georgia Tech Grant Funding Potential
Dennis Groves
dennis.groves at gmail.com
Tue Aug 13 00:20:59 UTC 2013
wow, yeah - great post….
On 12 Aug 2013, at 17:10, Jim Manico wrote:
> Whoa, +1 Ryan!
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Aug 12, 2013, at 7:45 PM, Ryan Barnett <ryan.barnett at owasp.org> wrote:
>
> To John's point about reporting and visualization - we have similar
> issues on the ModSecurity front, considering that we have implemented
> many AppSensor detection points within the OWASP ModSecurity CRS. We
> currently mainly use a tool called the audit console and it accepts
> ModSecurity audit log data.
>
> http://www.jwall.org/web/audit/console/index.jsp
>
> You can search and sort in a variety of ways; however, in general I
> feel that there is much to do with regards to making these events
> meaningful for a security analyst.
>
> I don't really like the per-transaction views of most WAF alert data.
> I prefer more of an attacker-sequence view that shows paths of attacks
> or profiles the attacker a bit more. I actually like what Mykonos did
> with their dashboard -
> http://www.mykonossoftware.com/profile-the-attacker.php
>
> I guess my point is that I agree that we need a better dashboard for
> these events, but I am not sure if building one from scratch is the
> best use of time and resources. We could consider contributing to
> Audit Console to add features we need.
>
> --
> Ryan Barnett
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a
meeting](http://goo.gl/8sPIy).
Unless someone like you...cares a whole awful lot...
nothing is going to get better...It's not."
-- The Lorax