1. AtroposCorrelation Prototype COMP 415, Spring 2008

2. Table of Contents • Data Parsing • Matches • Correlation Strategies • Correlation Rulesets • Conclusion & Demo

3. Data Parsing Data Parsing Matches Correlation Strategies Correlation Rulesets Conclusion & Demo

4. Data Parsing • Transform raw data Log String: 846739 12-13-09 17 5000 AAB

5. Data Parsing • Transform raw data • Log Parser or API JPM Service Atropos API API Call To Correlation Engine Parser Log File API Call

6. Matches Data Parsing Matches Correlation Strategies Correlation Rulesets Conclusion & Demo

7. Matches • Single correlation point • One or more parameters Match One Match Two

8. Correlation Strategies Data Parsing Matches Correlation Strategies Correlation Rulesets Conclusion & Demo

9. Correlation Strategies • One or more matches • Strength is “sum” of matches • Multiple strategies

10. Correlation Rulesets Data Parsing Matches Correlation Strategies Correlation Rulesets Conclusion & Demo

11. Correlation Rulesets • One link in association graph • Matches • Strategies • Data structures • Corollary: Parsing Rules

12. Conclusion & Demo Data Parsing Matches Correlation Strategies Correlation Rulesets Conclusion & Demo

13. Conclusion - summary • Matches link messages • Strategies compose Correlation • Rulesets map to network

14. Conclusion - questions • How efficient is matching? • How to match w/o rules? • How to match substrings?

15. AtroposCut through the tangled web… Thank You For Listening!