Name: tracking, correlation, and analysis of incident reporting and response information
Incident reports and mitigating actions are collected,
reported, correlated, and analyzed. Examples include analysis for patterns
of abuse, detection of changes in threat profiles, detection of low-rate
attacks, detection of increased overall attack levels, improvement of
response performance based on feedback from the analysis process, and the
collection and reuse of diagnostic and repair information.
Complexity: This is not a complex thing to do, but it is rarely done well.
In general, the analysis of information may be quite complex depending on
what is to be derived from it.
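As an added example (not part of the original entry), the following Python code correlates collected incident reports over a four-week window to surface two of the cases named above: a low-rate source that a per-day threshold never flags, and a week with an increased overall report level. The report tuples, addresses (documentation ranges), thresholds and function names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

START = date(2024, 1, 1)  # constructed start of the observation window

def sample_reports():
    """Constructed incident reports as (day, source, category) tuples."""
    reports = []
    for d in range(0, 28, 3):   # low-rate source: one report every third day
        reports.append((START + timedelta(days=d), "192.0.2.7", "auth-failure"))
    for _ in range(6):          # noisy source: six reports on a single day
        reports.append((START + timedelta(days=20), "198.51.100.9", "scan"))
    for d in (2, 9, 16):        # background: one-off sources in weeks 0 to 2
        reports.append((START + timedelta(days=d), f"203.0.113.{d}", "scan"))
    return reports

def per_day_counts(reports):
    counts = defaultdict(Counter)   # source -> Counter(day -> number of reports)
    for day, source, _ in reports:
        counts[source][day] += 1
    return counts

def burst_sources(reports, per_day=5):
    """Sources that a simple per-day threshold would flag."""
    return sorted(s for s, days in per_day_counts(reports).items()
                  if max(days.values()) >= per_day)

def low_rate_sources(reports, per_day=5, min_days=5):
    """Sources under the per-day threshold every day, yet seen on many days."""
    return sorted(s for s, days in per_day_counts(reports).items()
                  if max(days.values()) < per_day and len(days) >= min_days)

def weekly_levels(reports):
    """Total report count for each week of the window, in order."""
    weeks = Counter((day - START).days // 7 for day, _, _ in reports)
    return [weeks.get(w, 0) for w in range(max(weeks) + 1)]

def rising_weeks(levels, factor=2.0):
    """Weeks whose count is at least `factor` times the mean of earlier weeks."""
    out = []
    for w in range(1, len(levels)):
        baseline = sum(levels[:w]) / w
        if baseline and levels[w] >= factor * baseline:
            out.append(w)
    return out

if __name__ == "__main__":
    r = sample_reports()
    print(burst_sources(r), low_rate_sources(r), rising_weeks(weekly_levels(r)))
```

The low-rate source only appears once reports are correlated by source across the whole window; the per-day view sees nothing but the burst.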
fc@red.a.net