TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
If one is using Crystal Report 7, one can schedule custom report
generation by creating a report within CrystalReports the importing it
into User Imported underneath the Reports folder. One can even go a stpe
further, and configure their Enterprise Network Management Event Engine to
trigger an alert when something happens and within RealSecure define a
custom event to grab the event message send it to the ENMS system, then
event from ENMS triggers a trouble ticket through ARS Remedy or some other
ticketing system.
An a well developed IDS system should be able to integrate into an
existing Enterprise Network Management Systsem.
The only thing that is currently wrong with ISS RealSecure, is that there
is no REAL SECURE(sorry about the pun) way to transport the data that is
collected by Real Secure. When I worked with ISS Professional services
about a year ago, they in their infinite wisdom to solve this situation be
installing WarFTP on the console and open up FTP to a non-secure machine
in the network. When questioned about this scenario, they stated ISS Real
Secure is flawed, and this is the workaround.
Well after playing ISS Real Secure 3.2.1, this problem is still present,
and my workaround was installing SSH and automating the encryption and
transfer process to the designated reporting host on an isolated network.
The reporting host has only the necessary O/S tidbits, plus the report
generator software and directly connected to a printer.
I wonder if the ISS engineers could design a way to transfer the data from
the Console to a designated host similiar to how Macafee updates it's
virus software.
Jim - you knew I was going to reply with another workaround
ISS - above is an enhancement and probably some assemblance on ISS should
start putting together a Knowledgebase FAQ on how to configure your ISS
Real Secure, this would cut down on the silly questions posted from some
people (i.e Gavin)... :)
/m
"Lindley, Jim (ISSAtlanta)" <[EMAIL PROTECTED]>
02/27/00 09:56 PM
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"Lindley,
Jim (ISSAtlanta)" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: RE: Automating RealSecure report generation -reply
The point of my comment was that there was no way to automate REALSECURE
reports. Of course, you can use a third party (MS Access) against the MDB
file, but that isn't RealSecure, it's a work-around. Of course,
work-arounds are always welcome 8-).
Jim Lindley
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 25, 2000 9:06 PM
To: Lindley, Jim (ISSAtlanta)
Cc: [EMAIL PROTECTED]
Subject: RE: Automating RealSecure report generation -reply
Actually this is not true, some little trickery with Microsoft Access and
the Scheduler program in Win NT, you can generate instant event reports.
This does work very well.
/m
"Lindley, Jim (ISSAtlanta)" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/23/00 09:56 PM
To: [EMAIL PROTECTED]
cc:
Subject: RE: Automating RealSecure report generation
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
RealSecure reports cannot be automated. Other ISS products offer such
command line and scheduling options, but the only "automation" for
RealSecure reports is via SAFESuite Decisions, the ISS enterprise-level
security decision support application. Currently, there is a command-line
manager for the Network Sensor (EngineMgr.exe), but it does not include
report generation.
One of the reasons for this state of affairs is that the scanner tools
generally produce reports after a specific event is completed (i.e., the
scan is run, the report is generated). However, RealSecure is a realtime
tool with no "stop and report" point and the Console database that
provides
the data for the reports was updated either manually or via a
non-predictable dynamic activity initiated by the Network Sensor. So
there
was no "scheduled" event to trigger the reports. The EngineMgr utility
now
provides scheduled management to the Network Sensor, but report generation
is NOT one of those functions.
James R Lindley
Senior Security Instructor
Internet Security Systems Inc
678-443-6323
An unquenchable thirst for Pierian water.
****************************************************************************
*******
ISS CONNECT 2000
International User Group and Information Security Summit
March 19-24, 2000 http://connect.iss.net
REGISTER TODAY!
****************************************************************************
*******
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 23, 2000 11:00 AM
To: [EMAIL PROTECTED]
Subject: Automating RealSecure report generation
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Hello,
I am running RealScure on (gag) NT and I was informed by the ISS associate
that
the generation of reports could be automated. However, I have yet to find
documenation on how this is done. Does anyone have a URL that documents
these
procedures or hints and suggestions on how they accomplished it? I'm a
UNIX
(Linux) guy, so I'm much more interested in how to program it rather than
in
tedious point-and-click business.
Thanks,
Jimmy
