|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: RE: ISS Real SecureReport Generation -reply
From: Stephen Cooper (Stephen.Cooper
bis.org)Date: Fri Mar 03 2000 - 03:43:16 CST
- Next message: charley.lingerfeltlennoxintl.com: "RE: IIS ASP 0115 a Trappable Error has Occurred ."
- Previous message: Mike Stoico: "RealSecure Custid"
- Maybe reply: Stephen Cooper: "RE: ISS Real SecureReport Generation -reply"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------
Hello Pim,
I would like your comment on this.
Certainly you are aware of our requirements. Given the components that have been discussed during the Pre-sales cycle, can we then
a) automate reporting
b) securely retrieve data from the network probes.
Before we have deployed SafeSuite Decisions?
If we cannot, then we need to build a mechanism to do it. If SSH is what it takes, we have licenses for SSH 2 from F-Secure.
Stephen J. Cooper
Senior Systems Analyst
Information Systems Security
>>> <Mark.Teicherpredictive.com> 02/28/00 02:46pm >>>
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------
If one is using Crystal Report 7, one can schedule custom report
generation by creating a report within CrystalReports the importing it
into User Imported underneath the Reports folder. One can even go a stpef
urther, and configure their Enterprise Network Management Event Engine tot
rigger an alert when something happens and within RealSecure define a
custom event to grab the event message send it to the ENMS system, then
event from ENMS triggers a trouble ticket through ARS Remedy or some othert
icketing system.
An a well developed IDS system should be able to integrate into an
existing Enterprise Network Management Systsem.
The only thing that is currently wrong with ISS RealSecure, is that therei
s no REAL SECURE(sorry about the pun) way to transport the data that isc
ollected by Real Secure. When I worked with ISS Professional services
about a year ago, they in their infinite wisdom to solve this situation bei
nstalling WarFTP on the console and open up FTP to a non-secure machine
in the network. When questioned about this scenario, they stated ISS RealS
ecure is flawed, and this is the workaround.
Well after playing ISS Real Secure 3.2.1, this problem is still present,
and my workaround was installing SSH and automating the encryption and
transfer process to the designated reporting host on an isolated network.T
he reporting host has only the necessary O/S tidbits, plus the report
generator software and directly connected to a printer.
I wonder if the ISS engineers could design a way to transfer the data fromt
he Console to a designated host similiar to how Macafee updates it's
virus software.
Jim - you knew I was going to reply with another workaround
ISS - above is an enhancement and probably some assemblance on ISS shoulds
tart putting together a Knowledgebase FAQ on how to configure your ISS
Real Secure, this would cut down on the silly questions posted from some
people (i.e Gavin)... :)
/m
"Lindley, Jim (ISSAtlanta)" <JLindleyiss.net>
02/27/00 09:56 PM
To: "'Mark.Teicherpredictive.com'" <Mark.Teicherpredictive.com>, "Lindley,
Jim (ISSAtlanta)" <JLindleyiss.net>
cc: issforumiss.net
Subject: RE: Automating RealSecure report generation -reply
The point of my comment was that there was no way to automate REALSECURE
reports. Of course, you can use a third party (MS Access) against the MDB
file, but that isn't RealSecure, it's a work-around. Of course,
work-arounds are always welcome 8-).
Jim Lindley
-----Original Message-----
From: Mark.Teicherpredictive.com [mailto:Mark.Teicherpredictive.com]
Sent: Friday, February 25, 2000 9:06 PM
To: Lindley, Jim (ISSAtlanta)
Cc: issforumiss.net
Subject: RE: Automating RealSecure report generation -reply
Actually this is not true, some little trickery with Microsoft Access and
the Scheduler program in Win NT, you can generate instant event reports.
This does work very well.
/m
"Lindley, Jim (ISSAtlanta)" <JLindleyiss.net>
Sent by: owner-issforumiss.net
02/23/00 09:56 PM
To: issforumiss.net
cc:
Subject: RE: Automating RealSecure report generation
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------
RealSecure reports cannot be automated. Other ISS products offer such
command line and scheduling options, but the only "automation" for
RealSecure reports is via SAFESuite Decisions, the ISS enterprise-level
security decision support application. Currently, there is a command-line
manager for the Network Sensor (EngineMgr.exe), but it does not include
report generation.
One of the reasons for this state of affairs is that the scanner tools
generally produce reports after a specific event is completed (i.e., the
scan is run, the report is generated). However, RealSecure is a realtime
tool with no "stop and report" point and the Console database that
provides
the data for the reports was updated either manually or via a
non-predictable dynamic activity initiated by the Network Sensor. So
there
was no "scheduled" event to trigger the reports. The EngineMgr utility
now
provides scheduled management to the Network Sensor, but report generation
is NOT one of those functions.
James R Lindley
Senior Security Instructor
Internet Security Systems Inc
678-443-6323
An unquenchable thirst for Pierian water.
****************************************************************************
*******
ISS CONNECT 2000
International User Group and Information Security Summit
March 19-24, 2000 http://connect.iss.net
REGISTER TODAY!
****************************************************************************
*******
-----Original Message-----
From: Jimmy_StokesHomeDepot.COM [mailto:Jimmy_StokesHomeDepot.COM]
Sent: Wednesday, February 23, 2000 11:00 AM
To: issforumiss.net
Subject: Automating RealSecure report generation
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------
Hello,
I am running RealScure on (gag) NT and I was informed by the ISS associate
that
the generation of reports could be automated. However, I have yet to find
documenation on how this is done. Does anyone have a URL that documents
these
procedures or hints and suggestions on how they accomplished it? I'm a
UNIX
(Linux) guy, so I'm much more interested in how to program it rather than
in
tedious point-and-click business.
Thanks,
Jimmy
DISCLAIMER: Any e-mail messages from the Bank for International Settlements are sent in good faith, but shall not be binding nor construed as constituting any obligation on the part of the Bank.
CONFIDENTIALITY NOTICE: This e-mail contains confidential information, which is intended only for the use of the recipient(s) named above. If you have received this communication in error, please notify the sender immediately via e-mail and return the entire message. Thank you for your assistance.
- Next message: charley.lingerfeltlennoxintl.com: "RE: IIS ASP 0115 a Trappable Error has Occurred ."
- Previous message: Mike Stoico: "RealSecure Custid"
- Maybe reply: Stephen Cooper: "RE: ISS Real SecureReport Generation -reply"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]