Q

IDS data to include in monthly report

I am planning to compile security metics for a monthly report. Included will be statistics from the IDS. My question is: What statistics do I ask the technicians who are monitoring the IDS to provide me?

You should ask them for information contained in the list below. The IDS team may have all of it, or just act as a group that feeds into another team that does the analysis.

  • Number of alerts, sorted by severity (high, medium, low) and particular probe (You should have a numerical naming structure for all probes to quickly identify where the data is coming from.)
  • Number of high alerts that have been resolved
  • List of high alerts that are still pending investigation, including priorities
  • List of known false positives
  • Planned changes to signature base to deal with false positives and new signature releases
  • Overall network diagram showing placement of IDS probes (This changes frequently, so including it in a monthly report helps you understand where you are getting data from.)

Note that "Number" just means a count. "List" indicates that we want a simple description of each issue.

Hope this helps.


For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Software takes holitic approach to detecting security glitches
Infosec Know IT All Trivia: Intrusion detection
Scheier's Security Product Roundup: Vendors struggle to provide common view of security events


This was first published in January 2003

Dig deeper on Network Intrusion Detection (IDS)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close