PaulDotCom mailing list archives

Re: Situational Awareness


From: Adrien de Beaupre <adriendb () gmail com>
Date: Fri, 29 Apr 2011 18:37:26 -0400

Hi Bruce,

Actually I have found that the best way to achieve 'situational awareness' is via monitoring as many internal and external sources of information as possible. Ideally a dashboard would be composed of both technical feeds of data such as logs and IDS/IPS as well as what I term Cyber Threat Intelligence (CTI). There are commercial and open source methods of collecting these.

I presented on this at SANSFire 2009:
https://www.sans.org/webcasts/sansfire-2009-developing-cyber-threat-intelligence-92553

Cheers,
Adrien

On Fri, Apr 29, 2011 at 10:27 AM, Bruce Barnett <grymoire () gmail com> wrote:
I'm trying to collect some ideas on how customers can do a better job on
determining their "situational awareness."
I'm looking for tools, standards, metrics, visualization techniques, best
practices, etc.

Off the top of my head, I can think of some basic categories
 ICMP and ping-based tools
 SNMP (scotty, tkined, HP OpenView)
 Nmap - in a class by itself
 Patch management tools
 Vulnerability Scanners

Does anyone know of any resources/web links on this topic?
Best Practices?





_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
Cheers,
Adrien de Beaupre
SANS Internet Storm Center Handler
---
Note: The SANS Handlers is a group of approximately 30 volunteer
incident handlers. You may receive responses from other individuals
on that list. Also, please direct all communication to
handlers () sans org, so that everyone is kept "in the loop."
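The dashboard Adrien describes, technical feeds (IDS alerts, firewall and DNS logs) cross-referenced against a CTI indicator set, as an added example that is not part of the original thread and not code from either poster. The log lines, the indicator set, its feed names and confidence values are all constructed for illustration (addresses are from the RFC 5737 documentation ranges); the parsing is a minimal regex pass over a Snort-style fast alert, an iptables kernel log line and a BIND query log line, enough to show how one correlation step turns raw feeds into the enriched events a dashboard would display.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed CTI indicator set: assumed feed names and confidence scores,
# not a real threat feed. Keys are normalised observables (IP or lowercase domain).
CTI_INDICATORS = {
    "203.0.113.45": {"type": "ip", "source": "partner-feed", "confidence": 80},
    "198.51.100.7": {"type": "ip", "source": "sinkhole-list", "confidence": 60},
    "bad-updates.example": {"type": "domain", "source": "dns-blocklist", "confidence": 90},
}

# Constructed sample lines from three technical feeds: a Snort-style fast alert,
# two iptables kernel log lines, and a BIND query log line.
SAMPLE_LINES = [
    "04/29-18:37:26.123456  [**] [1:2000001:1] ET SCAN Suspicious inbound [**] "
    "[Priority: 2] {TCP} 203.0.113.45:4455 -> 192.0.2.10:22",
    "Apr 29 18:38:01 fw1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=445",
    "Apr 29 18:38:09 ns1 named[123]: client 192.0.2.33#51234: query: bad-updates.example IN A +",
    "Apr 29 18:38:15 fw1 kernel: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP DPT=80",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SNORT_ALERT = re.compile(r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\]")
DNS_QUERY = re.compile(r"query: (?P<qname>\S+) IN ")
IPTABLES = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+)")


@dataclass
class Event:
    feed: str                                   # which technical source produced the line
    raw: str
    observables: set = field(default_factory=set)  # IPs / domains worth checking against CTI
    detail: str = ""                            # IDS message or queried name, for display


def parse_line(line):
    """Classify one raw line by feed and extract the observables it contains."""
    m = SNORT_ALERT.search(line)
    if m:
        return Event("ids", line, set(IPV4.findall(line)), m.group("msg"))
    m = DNS_QUERY.search(line)
    if m:
        qname = m.group("qname").lower().rstrip(".")   # normalise before lookup
        return Event("dns", line, {qname} | set(IPV4.findall(line)), qname)
    m = IPTABLES.search(line)
    if m:
        return Event("firewall", line, {m.group("src"), m.group("dst")}, "")
    return Event("unknown", line, set(IPV4.findall(line)), "")


def correlate(lines, indicators):
    """Join every observable from the technical feeds against the CTI set."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        for obs in sorted(ev.observables):
            ioc = indicators.get(obs)
            if ioc is None:
                continue
            hits.append({
                "feed": ev.feed,
                "indicator": obs,
                "ioc_type": ioc["type"],
                "source": ioc["source"],
                "confidence": ioc["confidence"],
                "detail": ev.detail,
                "raw": line,
            })
    return hits


def summarize(hits, min_confidence=0):
    """Roll enriched hits up into the counts a dashboard panel would show."""
    kept = [h for h in hits if h["confidence"] >= min_confidence]
    return {
        "hits": len(kept),
        "hits_by_feed": dict(Counter(h["feed"] for h in kept)),
        "hits_by_indicator": dict(Counter(h["indicator"] for h in kept)),
        "top_hit": max(kept, key=lambda h: h["confidence"])["indicator"] if kept else None,
    }


if __name__ == "__main__":
    matched = correlate(SAMPLE_LINES, CTI_INDICATORS)
    for h in matched:
        print(f'{h["feed"]:8} {h["indicator"]:22} {h["source"]:14} conf={h["confidence"]} {h["detail"]}')
    print(summarize(matched, min_confidence=70))
```

Two practical points this exposes: indicator matching only works on normalised observables (lowercase domains, no trailing dot, exact IP strings), so the normalisation belongs in the parser rather than the lookup; and a confidence threshold on the CTI side is what keeps a low-quality feed from flooding the dashboard with firewall hits for every scanner on a sinkhole list.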