Correlating IDS Alerts with Vulnerability Information

This paper will illustrate a variety of the approaches and theories that can be used to correlate intrusion detection system (IDS) logs with vulnerability data. Several models will be presented, and their benefits and drawbacks will be discussed. The goal will be to illustrate several methods by which vulnerability information can be used to elicit high-quality alerts from IDS logs that are primarily false positives.
