SQL Server as an IDS Tool
-
Comments posted to this topic are about the content posted at temp
-
Welcome to the magical world that is SQL Server
As A Newbie you have managed to master the DB Engine and SSIS in a very short time to come up with (IMHO) quite a useful tool.
I would take a look at some other posts around this site dealing with Log File processing e.g. IIS Logs. That might give you a pointer into using SSAS to produce analisable data cubes.
Keep up the good work
Paul
-
I am glad to see you used SQL in such a useful way. I use DTS packages to pull information from each of our syslog servers into a database each night. So you are certainly on the right track...and I agree that you have made great progress in a short amount of time. Maybe stage 2 will be to incorporate Reporting Services in the mix (if you haven't already thought of that and didn't see it in the article). Keep up the innovative thinking!!!
-
A very clear article - makes me (a newbie also) want to run out and try it - if only I had SQL 2005 installed on my home machine!
I'm dying to know what kind of grade you get on this project.
Here there be dragons...,Steph Brown
-
Thanks for all your posts so far, it was really excited reading them all. When I finished my project and this article I started thinking of many other ways I could use SQL server to automate the analysis. It's amazing how can SQL be such an extensible solution - you can literally stretch it with no limits. Due to the time limit on the project I didn't implement Reporting Service or any other nice and universal way to analyze data; but in a real environment and with real requirements things can get even more exciting.
Grade for the project was 92%
. Having IDS logs as the only artifact of the break in was pretty harsh challenge. Imagine millions of records and every record indicates malicious activity. The real problem was that 90% of those are false positives and the rest 10% needs to be nicely aggregated before it starts making sense. The last stage was to reconstruct steps of an attacker.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply