[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ISSForum] Deleting Specific Events from SiteProtector Database



Henry,

The deletion procedures usually have two seps. First, the ID's of
events/records to be deleted (date-based critera) are placed in a
temporary table. Then, the ID's from the temporary table are deleted in
each real table.

All you need to do is to change the critera used for selecting events in
the first step. Instead of using only the date, apply any critera that
you want. 

If you need a little more detail, I can send you a workable stored
procedure.

Cheers,
Robert
 

-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx] On
Behalf Of technews@xxxxxxxxxxxx
Sent: 04 May 2004 06:21
To: Issforum (E-mail)
Subject: [ISSForum] Deleting Specific Events from SiteProtector Database

A friendly challenge....

I spoke with ISS today to see if there was a method to delete specific
events from the database.
Unfortunately they had no solution.

There were several queries available for the RealSecure WGM and the best
came from a Microsoft IDS technician whose name escapes me.
For any who recall his name (or if he cares to stand) the appropriate
cudos are due.

Now I am trying to figure out the same sort of function for the
SiteProtector database but it's complexity befounds me.
I thought to copy and try to edit one the IIS_Purge Stored Procedures
but the procedure is too far over my ability to command.

Now, ISS told me that they are looking to include something of the sort
in the next major release but given the history that they said the same
thing for WGM I will not hold my breath waiting for it.

That is not a direct cut by any means - they have to prioritize where
they spend time.  And I am just as willing most of the time to be happy
that they continue to build signatures in a relativley speedy manner.

With all that said - Has anyone else derived a method/query to delete
specific events from the database?
Even better would be the ability to select both the event and a time
frame.

It is possible that given a selected set of queries with a common set of
variables (Time, EventName, Date Start, Date End) that I can get some
co-workers to build a GUI around it.

So though my racket had a hole in it  - is anyone else serving an Ace?

Henry Schupp
Security Engineer
Mantech-IS&T


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.