RE: iss alert forwarding capabilities

From: malj32 (malj32@dial.pipex.com)
Date: 05/30/02


From: "malj32" <malj32@dial.pipex.com>
To: <remery@guarded.net>, <dlaumann@suntzu.net>, <focus-ids@securityfocus.com>
Date: Thu, 30 May 2002 11:57:05 +0100

Guys,

With site protector 1.0 the alert mechanism has altered slightly.
Alerts go to the enterprise database from the event collector and not
the display. The display reads them from the database every 60 seconds,
which is why it's no longer real-time.

Mal

-----Original Message-----
From: Ralph Emery [mailto:remery@guarded.net]
Sent: 29 May 2002 17:46
To: dlaumann@suntzu.net; focus-ids@securityfocus.com
Subject: RE: iss alert forwarding capabilities

No, the events are streamed back to the event collector and then to the
display. As for the snmp traps, those come directly from the network
sensor or host sensor.

-----Original Message-----
From: dlaumann@suntzu.net [mailto:dlaumann@suntzu.net]
Sent: Tuesday, May 28, 2002 1:43 PM
To: focus-ids@securityfocus.com
Subject: iss alert forwarding capabilities

hi,

can iss host sensors (h) send their alerts to an iss "collection server"
(c), and then have this "collection server" send out snmp alerts, for each
host sensor alert collected, to an snmp management station (o); as opposed
to each host sensor sending snmp alerts directly? if so, what products (just
real secure, or real secure site protector, etc) and versions are required?

 +---+   +---+
 | h |   | h |
 +---+   +---+
   |       |
    \     /
     \   /  <-- iss' or <xyz> communication protocol
       |
     +---+
     | c |
     +---+
       |
       | <-- snmp
       |
     +---+
     | o |
     +---+

i haven't gotten a clear answer from iss yet. it looks as if iss does not
support this, but thought i would check here first.

--
thanks,
dave


