> -----Original Message-----
> From: Paul Van Gurp [mailto:[EMAIL PROTECTED]]
>
> they use to do their analysis keeping in mind that I am an
> SQL newbie (ie pretty green) and so running a bunch of SQL
> queries is an option but hopefully one further down my
> alternatives list.

We skip right past the built-in reports and go straight to SQL. We probably frustrate the folks from ISS every time they ask us how we like their reporting and we tell them what we do. Maybe it's an institutional bias, but SQL Server is one of our primary tools.

I can't imagine trying to do IDS data analysis without using the SQL language on some database package. I use a combination of canned views we've crafted and ad hoc queries. While learning how to do that is time consuming, there's probably no more flexible way to tackle the data. I didn't really have the time, but I also can't afford not to take the time to learn how to do it. There are nuggets of data in there that you're not likely to tease out with canned reports.

I'm working on moving beyond the queries I've been doing and on into more in-depth data mining techniques. I've had enough real data miners show us what they can find in the data that I was convinced.

Along with the standard SQL Server tools, I've got a few spreadsheets set up that help pull some of my standard views, and then I use the auto filtering features in Excel to walk the data and zero in on things of interest. That often sparks additional queries into the database.

Mike Lyman
Microsoft Corporate Security Monitoring and Compliance
PGP KEYID 0xD7BBADAD
