Security Event Processing with Simple Event Correlator

The paper focuses on Simple Event Correlator (SEC), a lightweight event correlator written by one of the authors and based on different design principles than commercial solutions. Unlike most other products, SEC is not part of a heavyweight and expensive event management framework; it is an open-source UNIX tool that can be easily integrated into any setup. During the last decade, SEC has been used for a wide variety of purposes, including network fault management, processing of various security events (e.g., IDS and firewall messages), system and application monitoring, and fraud detection. This paper presents an overview of SEC and discusses some real-life event correlation scenarios that highlight its capabilities.

Published in: Information Systems Security Association (ISSA) Journal 10(8).

