Alert correlation

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) The topic of this article may not meet Wikipedia's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "Alert correlation" – news · newspapers · books · scholar · JSTOR (January 2012) (Learn how and when to remove this message) This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Alert correlation" – news · newspapers · books · scholar · JSTOR (January 2012) (Learn how and when to remove this message) (Learn how and when to remove this message)

Alert correlation is a type of long analysis. It focuses on the process of clustering alerts (events), generated by NIDS and HIDS computer systems, to form higher-level pieces of information.

Example of simple alert correlation is grouping invalid login attempts to report single incident like "10000 invalid login attempts on host X".

• ACARM
• ACARM-ng
• OSSIM
• Prelude Hybrid IDS
• Snort

This article needs additional or more specific categories. Please help out by adding categories to it so that it can be listed with similar articles. (March 2023)