Home > Ask the Security Experts > Questions & Answers > IDS data to include in monthly report
Ask The Security Expert: Questions & Answers
EMAIL THIS

IDS data to include in monthly report

Ed Skoudis EXPERT RESPONSE FROM: Ed Skoudis

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site
>
QUESTION POSED ON: 03 January 2003
I am planning to compile security metics for a monthly report. Included will be statistics from the IDS. My question is: What statistics do I ask the technicians who are monitoring the IDS to provide me?

>

You should ask them for information contained in the list below. The IDS team may have all of it, or just act as a group that feeds into another team that does the analysis.

  • Number of alerts, sorted by severity (high, medium, low) and particular probe (You should have a numerical naming structure for all probes to quickly identify where the data is coming from.)
  • Number of high alerts that have been resolved
  • List of high alerts that are still pending investigation, including priorities
  • List of known false positives
  • Planned changes to signature base to deal with false positives and new signature releases
  • Overall network diagram showing placement of IDS probes (This changes frequently, so including it in a monthly report helps you understand where you are getting data from.)

Note that "Number" just means a count. "List" indicates that we want a simple description of each issue.

Hope this helps.

For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Software takes holitic approach to detecting security glitches
Infosec Know IT All Trivia: Intrusion detection
Scheier's Security Product Roundup: Vendors struggle to provide common view of security events

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts