EventChain

Filter event-chain correlates chains of alerts where one host acts as a source in one alert and as target in another. It can find break-in where captured computer is used as a base for following attacks.

back