ABSTRACT

Contents

Introduction ........................................... 406
Motivation ............................................. 406
Background ............................................. 406
Clarification of Terms - Technology Defined ............ 407
Log Aggregation ........................................ 407
Centralized Management ................................. 408
Real-Time Analysis ..................................... 408
Correlation of Events .................................. 408
Forensics Analysis ..................................... 409
Incident Response Handling ............................. 409
Challenges ............................................. 410