Challenges to Computer Logs:
- Too much data – What data is actually needed?
- Not enough data – Missing data leads to the wrong picture
- Hard-to-get data – This is a usability issue
- Redundant and inconsistent data – Along with the diversity of messages, many are also rather obscure
- Poor information delivery – Is the delivery usable?
- False positives – These are false alarms (events may be malicious but have no potential of harming the target).
- Heterogeneous IT environments – Most companies have multiple types of devices from multiple vendors