
[ISSForum] Reporting/Query Questions


      I'm somewhat new to the ISS Site Protector suite and realize that
like any large product that's been in service for a while someone else has
likely figured out solutions to things I'm just now finding. My issues are
related to extracting data for specific situations. I have created several
new Analysis Views to get what I want but here are a couple scenarios I'm
not clear on how to deal with.

-Generate a report (or even a view) showing ALL events that contain an IP
address regardless of whether it was the source or destination.
   -If I have an infected PC I want a way to view all events the IDS
   noticed regardless of whether it was "target" or "victim".

   -This is also useful in looking at chat, IM or P2P activity because now
   I have to do 2 data exports for each IP, 1 as source, 1 as
   destination. This makes following a conversation pretty difficult.

-Generate a report to show a graph of a single event over time graphed by
hour. Example: Show all YahooIM seen over 14 days graphed by 2 hour
intervals. Or show number of IM sessions per day for last 30 days.

   -We have implemented a software control solution, as well as
   communicated to users that all non-approved IM is not permitted. We want
   to graph what we currently see in the IDS to show if our actions are
   effective. I want to show IM traffic graph 2 weeks prior and 2 weeks
   after the message.

   I'm considering going to my DBAs to see if they can pull some of this
   out for me. We have looked at the ISS Reporting tool but for the price it
   doesn't seem to be able to provide all of the capabilities we need. Some
   of the templates are helpful but there are many other ways I would wish
   to view the data that just aren't there.

   Chris Norris
   American Modern Insurance Companies
   Sr. Security Engineer
   IS Risk and Security Management
   7000 Midland Blvd.
   Amelia, OH 45102
   Ph: 513-947-5454
   email: cnorris@xxxxxxxx
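
Added example, not part of the original post and not ISS code: one way to get both views from a single exported event list, matching an IP as either source or target and counting one event type per 2-hour or per-day bucket. The CSV column names, the sample rows and the function names are assumptions made for this example, not SiteProtector's export format or schema.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export. Column names and rows are assumptions for this
# example, not SiteProtector's actual export format or schema.
SAMPLE_EXPORT = """time,event,source_ip,target_ip
2005-03-01 08:15:00,YahooIM_Login,10.1.1.20,192.0.2.10
2005-03-01 09:40:00,YahooIM_Message,192.0.2.10,10.1.1.20
2005-03-01 10:05:00,YahooIM_Message,10.1.1.20,192.0.2.10
2005-03-01 10:30:00,HTTP_Get,10.1.1.31,192.0.2.80
2005-03-02 14:20:00,YahooIM_Login,10.1.1.31,192.0.2.10
"""

def load_events(text):
    """Parse the CSV export and return rows sorted by event time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
    return sorted(rows, key=lambda row: row["time"])

def events_for_ip(events, ip):
    """All events where ip is either the source or the target, in time order."""
    return [e for e in events if ip in (e["source_ip"], e["target_ip"])]

def counts_by_interval(events, event_prefix, hours=2):
    """Count matching events per bucket; hours must divide 24 (24 = per day)."""
    counts = Counter()
    for e in events:
        if e["event"].startswith(event_prefix):
            t = e["time"]
            # Round the timestamp down to the start of its bucket.
            start = t.replace(hour=t.hour - t.hour % hours, minute=0, second=0)
            counts[start] += 1
    return dict(sorted(counts.items()))

if __name__ == "__main__":
    events = load_events(SAMPLE_EXPORT)
    for e in events_for_ip(events, "10.1.1.20"):
        print(e["time"], e["event"], e["source_ip"], "->", e["target_ip"])
    for start, n in counts_by_interval(events, "YahooIM", hours=2).items():
        print(start, n)
```

The bucket counts can be fed to any charting tool to compare the two weeks before and after a policy change.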
