TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Network monitering of 1 sensor logs could exceed 1 GB / day, which is why you need data consolidation SW. If you have that, it can be pared down to a partial MH/day. I (1 man) administered over 1,000 nodes, before including all *NIX Host admin & Internet services and firewalls WITH data consolidation, without consolidation You could waste a team reading the logs from one sensor. David Hawley, CISSP Automated Total Systems Solutions, Inc. 201 Sandpointe Ave, Ste 870 Santa Ana, CA 714-966-0661 -----Original Message----- From: QUAGLIERI, ERNEST E [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 1:11 PM To: '[EMAIL PROTECTED]' Subject: Staffing needs TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ------------------------------------------------------------------------ ---- I have been asked to research staffing requirements for a monitoring group. I was wondering if anyone could offer information on the number of recommended personnel per sensor(s), (or per console, based on xx number of sensors) and whether they simply monitor or also investigate suspicious activity. I realize that the level of alerts would affect this number but I am just looking for a baseline. Thanks in advance, Ernie Quaglieri FleetBoston Financial
