RE: Standardized Reporting

From: Brooke, O'neil (EXP) (o'neil.brookeat_private)
Date: Thu Aug 15 2002 - 13:35:43 PDT

    	Since last night's post, I've received several responses both on and
    off list. Every single one of them was positive and/or supportive of the
    concept. So I'm going to go ahead with the idea of developing a standardized
    report. Right now I have a few objectives in mind for this report:
    	+ A generic report that can be used to document virtually any
    computer incident investigation.
    	+ Document a methodical approach to the incident investigation.
    (Some of the responses I've had expressed an interest in the checklist
    because they were not entirely aware of the sequence of events that should
    go into an investigation.)
    	+ Document both generic and private information; however, do this in
    such a way that the private information can quickly and easily be stripped
    from the report. If we start to use this form, it does not make sense to
    document in one way for the incidents list and another way for your
    management structure.
    	+ Operating System specific sections. We could make the form
    operating system independent, but then we lose a great opportunity for
    providing newcomers a practical how-to investigate an incident.
    	If anyone else has other objectives they would like a report like
    this to satisfy, please, either send them to me or post them to the list.