From: mhtclark.net
Date: Thu Jul 05 2001 - 02:16:04 CDT


    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    This has always been an issue in Network Operations Centers/Security
    Operations Centers. One of the recommendations is to pass ISS RealSecure
    information to an Enterprise Network Management System (i.e. HP OpenView,
    etc.) via SNMP traps, so that when an intrusion/event is detected, the
    monitoring person also has other network information on the screen in order
    to initiate proper escalation steps/diagnosis when certain
    events/intrusions are detected.

    In other cases, a RealSecure console (set up in View mode only) with only the
    Event Window and High Window visible, with a custom policy indicating
    certain events to be both displayed and logged to the DB (this would be for
    further analysis and/or tracking intrusion trends).

    Reports can be scheduled to run automatically via a command line prior to
    the changing of the shift. Reports should be analyzed and other events
    should be noted when the shift activities are handed off to the next shift.

    /m

    At 02:29 PM 6/28/2001 -0700, swami swami wrote:

    >Hi
    >
    >Our company intended to use ISS RealSecure, but ran into a problem with
    >event log monitoring during the proposed plan discussion, which is whether
    >specific people are needed to do 24x7 monitoring of the event log.
    >I'd like to ask you guys who are using or administering this product how
    >you do the event log monitoring; do you monitor the event log 24x7 or just
    >generate reports?
    >Any suggestions or experience are welcome.
    >Thanks
    >
    >swami