Anton, I think its more granular that that. And the concept of "Top five reports" is a misnomer. Reports are created to prove very specific things in the form of corporate or entity policies. So there are a set of reports or sorted output from multiple reports making up the 'reporting' for each 'security task' that implements some policy. Thus, the relation is from the report to the Policy and Control it provides. In the Audit World these are called Monitoring Controls and report in the form of Direct testimony as the events that happen within them. That said - the power list is the COBIT, ISO17799, or ITIL control list that the specific reports meet the operating requirements of. Todd Glassey ----- Original Message ----- From: "Anton Chuvakin" <anton@private> To: <cbrenton@private> Cc: <LogAnalysis@private> Sent: Thursday, May 18, 2006 9:16 PM Subject: [logs] Re: Which reports are most important? > Chris and all, > > IMHO, there can't be a Top 5 list. To make it possible, you have to > consider the role of the report recipient. > > E.g. > > Top 5 Reports for a SysAdmin > Top 5 Reports for a Security Analyst > Top 5 Reports for a CSO > > And yes, I do have the lists - will send it later... > > On 5/17/06, Chris Brenton <cbrenton@private> wrote: > > Hey all, > > > > I'm involved with helping SANS organize the logging summit this July. As > > part of that, I was hit with a question that I thought could be best > > answered via feedback from the group. > > > > What do you feel are the top 5 reports a centralized log management > > system should provide? > > > > For example, a few I came up with: > > > > Authentication failures (Web, system access, VPNs, etc.) > > Access failures (HTTP scripts, recursion requests, etc.) > > Initialization of new/unknown processes > > Unexpected outbound traffic through the firewall (IRC, TFTP, SMTP, etc.) > > > > I would love to see a similar list from other folks on the list. > > > > Cheers, > > Chris > > > > > > _______________________________________________ > > LogAnalysis mailing list > > LogAnalysis@private > > http://lists.shmoo.com/mailman/listinfo/loganalysis > > > > > -- > Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA > http://www.chuvakin.org > http://www.securitywarrior.com > _______________________________________________ > LogAnalysis mailing list > LogAnalysis@private > http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sun May 21 2006 - 21:18:12 PDT