SAGAN: An open-source event correlation system – Part 1: Installation (Sun, Jul 18th)
One of the biggest challenges to effective incident response is correlating events and staying aware of real incidents happening inside your network. There are some commercial alternatives like Cisco MARS and RSA Envision, but many companies can't afford them, and in many situations the network is not big enough to make acquiring a commercial product worthwhile. I have lived the latter case, and in my search I found SAGAN (http://sagan.softwink.com/) very useful. It is a real-time event log monitoring system that is able to detect incidents on hosts or the network and can correlate information with ...
