A friendly challenge.... I spoke with ISS today to see if there was a method to delete specific events from the database. Unfortunately they had no solution.
There were several queries available for the RealSecure WGM and the best came from a Microsoft IDS technician whose name escapes me. For any who recall his name (or if he cares to stand) the appropriate cudos are due. Now I am trying to figure out the same sort of function for the SiteProtector database but it's complexity befounds me. I thought to copy and try to edit one the IIS_Purge Stored Procedures but the procedure is too far over my ability to command. Now, ISS told me that they are looking to include something of the sort in the next major release but given the history that they said the same thing for WGM I will not hold my breath waiting for it. That is not a direct cut by any means - they have to prioritize where they spend time. And I am just as willing most of the time to be happy that they continue to build signatures in a relativley speedy manner. With all that said - Has anyone else derived a method/query to delete specific events from the database? Even better would be the ability to select both the event and a time frame. It is possible that given a selected set of queries with a common set of variables (Time, EventName, Date Start, Date End) that I can get some co-workers to build a GUI around it. So though my racket had a hole in it - is anyone else serving an Ace? Henry Schupp Security Engineer Mantech-IS&T _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
