Analysis of network [closed]


What should be looked at to analyze network security monitoring and/or IDS logs for any suspicious behavior, and how do you craft pattern-matching scripts to look for those things when you have hundreds of thousands of entries?
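As an added illustration of the kind of pattern-matching script the question asks about (this is example code, not part of the question or any answer), the block below parses constructed Snort/Suricata fast-format alert lines with a single compiled regex, aggregates per source address, and surfaces two defender-relevant patterns: a source fanning out to many distinct destinations (scan-like behaviour) and any priority-1 alert. The log format, the sample lines and the threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Snort/Suricata "fast" alert format (not real traffic).
SAMPLE_LOG = """\
01/15-10:00:01.000000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51000 -> 192.168.1.10:22
01/15-10:00:02.000000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51001 -> 192.168.1.11:22
01/15-10:00:03.000000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51002 -> 192.168.1.12:22
01/15-10:00:04.000000  [**] [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [**] [Priority: 2] {TCP} 10.0.0.5:51003 -> 192.168.1.13:1433
01/15-10:05:00.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 1] {TCP} 192.168.1.20:80 -> 172.16.0.9:44321
01/15-10:06:00.000000  [**] [1:2013028:4] ET POLICY curl User-Agent Outbound [**] [Priority: 3] {TCP} 192.168.1.30:40000 -> 93.184.216.34:80
"""

# One compiled regex; on hundreds of thousands of lines, compile once and stream the file.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\] "
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_fast_log(text):
    """Return one dict per well-formed alert line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["prio"] = int(ev["prio"])
            events.append(ev)
    return events

def find_suspicious(events, min_targets=3):
    """Aggregate per source; report fan-out (scan-like) sources and every priority-1 alert."""
    targets = defaultdict(set)   # src -> distinct destination hosts
    sigs = defaultdict(set)      # src -> distinct signature messages
    findings = []
    for ev in events:
        targets[ev["src"]].add(ev["dst"])
        sigs[ev["src"]].add(ev["msg"])
        if ev["prio"] == 1:      # highest severity: always surface, never bury in counts
            findings.append(("high-priority", ev["src"], ev["dst"], ev["msg"]))
    for src, dsts in targets.items():
        if len(dsts) >= min_targets:   # assumed threshold; tune to the monitored network
            findings.append(("fan-out", src, len(dsts), sorted(sigs[src])))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(parse_fast_log(SAMPLE_LOG)):
        print(finding)
```

Aggregating before alerting is what keeps this workable at scale: a single regex pass builds per-source sets, and only the aggregates are inspected, rather than a human reading every line.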