IDS: Cybercop Monitor not displaying logged on user?

christopher-j.conacherbae.co.uk
Thu, 2 Sep 1999 12:43:37 +0100

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Bawcom, Aaron: "RE: IDS: Introduction / question on hacker tools"
• Previous message: lchiavaccibe-on.it: "IDS: Introduction / question on hacker tools"

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
Dear List
I am currently evaluating IDS.
As far as I can tell Cybercop Monitor does not detail the user logged on to a 
machine that is flagged as launching an attack etc..
Can someone please let me know if this is not the case.
Surely if you are using a system to alert you to misuse within a network one of
 the main things that you would want to know is who is doing it.
I know that you can check NT's event logs but surely it adds far more room for 
doubt (in court etc.) if logs from one application on one machine are being 
used to say that such and such was done and then logs from another source are 
used to show that so and so's account was used to do it.
Also if it is so easy for me to get the information from the NT logs why does 
not CM have this functionality?
Chris Conacher
DCE Tech Team
Computer Sciences Corparation
christopher-j.conacherbae.co.uk

• Next message: Bawcom, Aaron: "RE: IDS: Introduction / question on hacker tools"
• Previous message: lchiavaccibe-on.it: "IDS: Introduction / question on hacker tools"

This archive was generated by hypermail 2.0b3 on Fri Sep 03 1999 - 12:42:52 CDT