PaulDotCom mailing list archives
Re: Situational Awareness
From: Adrien de Beaupre <adriendb () gmail com>
Date: Fri, 29 Apr 2011 18:37:26 -0400
Hi Bruce,

actually I have found that the best way to achieve 'situational awareness' is via monitoring as many internal and external sources of information as possible. Ideally a dashboard would be composed of both technical feeds of data such as logs and IDS/IPS as well as what I term Cyber Threat Intelligence (CTI). There are commercial and open source methods of collecting these. I presented on this at SANSFire 2009:

https://www.sans.org/webcasts/sansfire-2009-developing-cyber-threat-intelligence-92553

Cheers,
Adrien

On Fri, Apr 29, 2011 at 10:27 AM, Bruce Barnett <grymoire () gmail com> wrote:
> I'm trying to collect some ideas on how customers can do a better job on determining their "situational awareness." I'm looking for tools, standards, metrics, visualization techniques, best practices, etc.
>
> Off the top of my head, I can think of some basic categories
>
> ICMP and ping-based tools
> SNMP (scotty, tkined, HP OpenView)
> Nmap - in a class by itself
> Patch management tools
> Vulnerability Scanners
>
> Does anyone know of any resources/web links on this topic? Best Practices?
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Cheers,
Adrien de Beaupre
SANS Internet Storm Center Handler
---
Note: The SANS Handlers is a group of approximately 30 volunteer incident handlers. You may receive responses from other individuals on that list. Also, please direct all communication to handlers () sans org, so that everyone is kept "in the loop."