PaulDotCom mailing list archives

Re: Security Threat Dashboard


From: Chris Sanders <chris () chrissanders org>
Date: Tue, 16 Oct 2012 01:49:08 +0000

I've seen situations where some of these dashboards get people in sticky situations when an educated member of 
management asks "How do you use this dashboard to enhance your operations?"

If you have a little time to invest, you can set up some simple graphs using something like PRTG 
(http://www.paessler.com/prtg) to show traffic load of sensors or critical network segments. This isn't nearly as 
pretty as some of the other options, but it will make you look a lot better to management when you can explain that 
these graphs provide operational value and help your analysts have a quick reference for seeing current traffic load 
versus baselined averages. These types of graphics, when properly implemented, can be useful in picking out traffic 
spikes that may indicate an anomaly worth investigating within the scope of your NSM detection capability.

--
Chris Sanders
Foundation: http://www.ruraltechfund.org
Blog: http://www.chrissanders.org
Work: http://www.inguardians.com
Twitter: @chrissanders88
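
The comparison of current traffic load against baselined averages described in the message above, as an added sketch (not code from the thread, and not part of PRTG). The sensor names, the Mbps samples, the hour-of-day bucketing and the median/MAD threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

def build_baseline(history):
    """history: (sensor, hour_of_day, mbps) samples -> {(sensor, hour): (median, MAD)}."""
    buckets = defaultdict(list)
    for sensor, hour, mbps in history:
        buckets[(sensor, hour)].append(mbps)
    baseline = {}
    for key, vals in buckets.items():
        med = median(vals)
        # Median absolute deviation: a spread estimate that old spikes do not inflate.
        baseline[key] = (med, median(abs(v - med) for v in vals))
    return baseline

def find_spikes(baseline, current, k=5.0, floor_mbps=1.0):
    """Return (sensor, hour, mbps, limit) for samples above median + k * scaled MAD."""
    spikes = []
    for sensor, hour, mbps in current:
        if (sensor, hour) not in baseline:
            # No baseline yet for this sensor/hour: surface it instead of hiding it.
            spikes.append((sensor, hour, mbps, None))
            continue
        med, mad = baseline[(sensor, hour)]
        spread = max(1.4826 * mad, floor_mbps)  # floor avoids a zero-width band
        limit = med + k * spread
        if mbps > limit:
            spikes.append((sensor, hour, mbps, round(limit, 1)))
    return spikes

# Constructed sample data: one week of readings for two hours of the day.
HISTORY = (
    [("dmz-sensor", 3, v) for v in (40, 42, 38, 41, 39, 43, 40)]
    + [("dmz-sensor", 14, v) for v in (400, 420, 390, 410, 405, 415, 395)]
)
# Constructed current readings: 425 Mbps is normal at 14:00, 310 Mbps is not at 03:00.
CURRENT = [("dmz-sensor", 3, 310.0), ("dmz-sensor", 14, 425.0), ("lab-sensor", 3, 12.0)]

if __name__ == "__main__":
    for sensor, hour, mbps, limit in find_spikes(build_baseline(HISTORY), CURRENT):
        reason = "no baseline" if limit is None else f"limit {limit} Mbps"
        print(f"{sensor} {hour:02d}:00 {mbps} Mbps ({reason})")
```

Bucketing by hour keeps a busy afternoon from masking an off-hours spike that is small in absolute terms.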

From: allison nixon <elsakoo () gmail com>
Reply-To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com>
Date: Monday, October 15, 2012 8:52 PM
To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com>
Subject: Re: [Pauldotcom] Security Threat Dashboard

It might be worth having a custom script that relates directly to your workflow to let you know if you have any fires 
that imminently need putting out.  Security camera feeds... useful stuff.  Do you care about current patch levels, or 
the fact that a lot of activity is geographically coming from Eastern Europe?  If not, no reason to have it on the 
screen.  Lots of those dashboards are an eyesore.

On Mon, Oct 15, 2012 at 3:25 PM, xgermx <xgermx () gmail com> wrote:
These are great, exactly what I was looking for.


On Mon, Oct 15, 2012 at 2:18 PM, Matt Nels <mattnels () gmail com> wrote:
Also check out the Project Honeynet Map.....

http://map.honeynet.org

On Mon, Oct 15, 2012 at 1:34 PM, xgermx <xgermx () gmail com> wrote:
I'm setting up a SOC and looking for pretty dashboards to display global and trending threats.
Admittedly this is less about sheer functionality and more about looking good to management.
What I've found so far:
http://www.securitywizardry.com/radar.htm
http://www.msisac.org/apps/dashboard/
http://atlas.arbor.net/

Any ideas?

Thanks

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com





--
_________________________________
Note to self: Pillage BEFORE burning.
