IDS mailing list archives

RE: Host based IDS Reports


From: "Bohling James CONT JBC" <james.bohling () JBC JFCOM MIL>
Date: Mon, 29 Dec 2003 09:21:36 -0500

Mike's reply was great and should be taken to heart.  SQL is not that
difficult to learn and should be in the security practitioner's toolbox.

-----Original Message-----
From: Mike Lyman [mailto:mlyman-security () comcast net] 
Sent: Monday, December 22, 2003 11:59 PM
To: focus-ids () securityfocus com
Subject: Re: Host based IDS Reports

On Sat, 2003-12-20 at 14:05, Teicher, Mark (Mark) wrote:

Thoughts, comments, rants, raves, suggestions for a geek who preaches
from the corner soapbox.. :)

My old boss and I used to drive vendors nuts when they'd ask us how we
liked their reporting features and we'd tell them we didn't use them.

As long as the data was being reported to a database, we'd generate our
own reports, import to Excel and pretty them up from there. None of the
built-in reports met our constantly changing needs so we relied on the
database.

We also stress SQL skills as one of our main requirements for new
members of the team. We had so much data available that everybody had to
be able to write ad-hoc queries in their sleep.

It may take some skill to pretty them up but nothing beats being able
to generate exactly the info you need instead of relying on what
somebody else thinks you probably need.


-- 
Mike Lyman <mlyman-security () comcast net>

