SQLServerCentral / Discuss Content Posted by Yaroslav Pentsarskyy / Article Discussions / Article Discussions by Author / SQL Server as an IDS Tool / Latest PostsInstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comTue, 21 May 2013 10:58:25 GMT20RE: SQL Server as an IDS Toolhttp://www.sqlservercentral.com/Forums/Topic301734-318-1.aspx<P><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Verdana">Thanks for all your posts so far, it was really excited reading them all. When I finished my project and this article I started thinking of many other ways I could use SQL server to automate the analysis. It's amazing how can SQL be such an extensible solution - you can literally stretch it with no limits. Due to the time limit on the project I didn't implement Reporting Service or any other nice and universal way to analyze data; but in a real environment and with real requirements things can get even more exciting.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P><P><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Verdana">Grade for the project was 92% <img src='images/emotions/smile.gif' height='20' width='20' border='0' title='Smile' align='absmiddle'>. Having IDS logs as the only artifact of the break in was pretty harsh challenge. Imagine millions of records and every record indicates malicious activity. The real problem was that 90% of those are false positives and the rest 10% needs to be nicely aggregated before it starts making sense. The last stage was to reconstruct steps of an attacker.</SPAN></P>Tue, 15 Aug 2006 22:06:00 GMTYaroslav Pentsarskyy-353753RE: SQL Server as an IDS Toolhttp://www.sqlservercentral.com/Forums/Topic301734-318-1.aspxA very clear article - makes me (a newbie also) want to run out and try it - if only I had SQL 2005 installed on my home machine! <img src='images/emotions/sad.gif' height='20' width='20' border='0' title='Sad' align='absmiddle'> I'm dying to know what kind of grade you get on this project.Tue, 15 Aug 2006 18:17:00 GMTStephanie J BrownRE: SQL Server as an IDS Toolhttp://www.sqlservercentral.com/Forums/Topic301734-318-1.aspxI am glad to see you used SQL in such a useful way. I use DTS packages to pull information from each of our syslog servers into a database each night. So you are certainly on the right track...and I agree that you have made great progress in a short amount of time. Maybe stage 2 will be to incorporate Reporting Services in the mix (if you haven't already thought of that and didn't see it in the article). Keep up the innovative thinking!!! Tue, 15 Aug 2006 10:04:00 GMTTim CullenRE: SQL Server as an IDS Toolhttp://www.sqlservercentral.com/Forums/Topic301734-318-1.aspx<P>Welcome to the magical world that is SQL Server</P><P>As A Newbie you have managed to master the DB Engine and SSIS in a very short time to come up with (IMHO) quite a useful tool.</P><P>I would take a look at some other posts around this site dealing with Log File processing e.g. IIS Logs. That might give you a pointer into using SSAS to produce analisable data cubes.</P><P>Keep up the good work</P><P>Paul</P>Tue, 15 Aug 2006 01:48:00 GMTPaul Smith-221741SQL Server as an IDS Toolhttp://www.sqlservercentral.com/Forums/Topic301734-318-1.aspxComments posted to this topic are about the content posted at <A HREF="temp">temp</A>Mon, 14 Aug 2006 15:47:00 GMTYaroslav Pentsarskyy-353753