Hi,
I am currently facing some problems in establishing correlation rules. To make correlation rules we must understand the behavior of an attack, as per my knowledge. LEM has built-in correlation rules like worm detection, but I want to make correlation rules customized to my environment. Please let me know what the most popular correlation rules you have all created are, or whether there is any link which shows attack behavior that I can read and follow to make correlation rules. I really need these behavior-based correlation rules to get the maximum out of LEM.