SQL Server as an IDS Tool
Posted Monday, August 14, 2006 3:47 PM
Comments posted to this topic are about the content posted at temp


Regards,

Yaroslav

Post #301734
Posted Tuesday, August 15, 2006 1:48 AM
Welcome to the magical world that is SQL Server

As a newbie you have managed to master the DB Engine and SSIS in a very short time to come up with (IMHO) quite a useful tool.

I would take a look at some other posts around this site dealing with log file processing, e.g. IIS logs. That might give you a pointer into using SSAS to produce analysable data cubes.

Keep up the good work

Paul

Post #301792
Posted Tuesday, August 15, 2006 10:04 AM
I am glad to see you used SQL in such a useful way. I use DTS packages to pull information from each of our syslog servers into a database each night. So you are certainly on the right track...and I agree that you have made great progress in a short amount of time. Maybe stage 2 will be to incorporate Reporting Services in the mix (if you haven't already thought of that and didn't see it in the article). Keep up the innovative thinking!!!


Post #301890
Posted Tuesday, August 15, 2006 6:17 PM
A very clear article - makes me (a newbie also) want to run out and try it - if only I had SQL 2005 installed on my home machine! I'm dying to know what kind of grade you get on this project.


Here there be dragons...,

Steph Brown
Post #302008
Posted Tuesday, August 15, 2006 10:06 PM
Thanks for all your posts so far, it was really exciting reading them all. When I finished my project and this article I started thinking of many other ways I could use SQL Server to automate the analysis. It's amazing how SQL can be such an extensible solution - you can literally stretch it with no limits. Due to the time limit on the project I didn't implement Reporting Services or any other nice and universal way to analyze data; but in a real environment and with real requirements things can get even more exciting.

Grade for the project was 92%. Having IDS logs as the only artifact of the break-in was a pretty harsh challenge. Imagine millions of records and every record indicates malicious activity. The real problem was that 90% of those are false positives and the remaining 10% need to be nicely aggregated before they start making sense. The last stage was to reconstruct the steps of an attacker.
Regards,

Yaroslav

Post #302022
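The three-stage workflow Yaroslav describes in the post above (drop known false positives, aggregate what is left, then reconstruct the attacker's steps) written out as T-SQL. This is an added example, not code from the article or from any poster in this thread; the tables, signature IDs, addresses and alert rows are constructed for illustration, and the suppression table is an assumed design, not something the article describes. It sticks to SQL Server 2005 syntax (single-row INSERTs, ROW_NUMBER with a self-join instead of LAG) because that is the version the article targets.

```sql
-- Added example (not from the article or the thread). All data below is constructed.
SET NOCOUNT ON;

-- One row per raw IDS alert, as it would be loaded from the sensor logs by SSIS.
CREATE TABLE #IdsAlert (
    AlertId   INT IDENTITY(1,1) PRIMARY KEY,
    AlertTime DATETIME     NOT NULL,
    SensorId  VARCHAR(32)  NOT NULL,
    SigId     INT          NOT NULL,
    SigName   VARCHAR(128) NOT NULL,
    SrcIp     VARCHAR(15)  NOT NULL,
    DstIp     VARCHAR(15)  NOT NULL,
    DstPort   INT          NOT NULL
);

-- Constructed alerts: noisy benign traffic (monitoring pings, an internal scanner)
-- plus one real intrusion sequence from 203.0.113.7 against 192.168.1.10.
INSERT INTO #IdsAlert VALUES ('2006-08-10 01:00:00', 'dmz-1', 1000, 'ICMP PING',                '10.0.0.5',     '192.168.1.10', 0);
INSERT INTO #IdsAlert VALUES ('2006-08-10 01:00:00', 'dmz-1', 1000, 'ICMP PING',                '10.0.0.5',     '192.168.1.11', 0);
INSERT INTO #IdsAlert VALUES ('2006-08-10 01:30:00', 'dmz-1', 2001, 'SCAN nmap TCP',            '10.0.0.20',    '192.168.1.10', 445);
INSERT INTO #IdsAlert VALUES ('2006-08-10 02:10:00', 'dmz-1', 2001, 'SCAN nmap TCP',            '203.0.113.7',  '192.168.1.10', 80);
INSERT INTO #IdsAlert VALUES ('2006-08-10 02:10:05', 'dmz-1', 2001, 'SCAN nmap TCP',            '203.0.113.7',  '192.168.1.10', 443);
INSERT INTO #IdsAlert VALUES ('2006-08-10 02:12:00', 'dmz-1', 3004, 'WEB-IIS cmd.exe access',   '203.0.113.7',  '192.168.1.10', 80);
INSERT INTO #IdsAlert VALUES ('2006-08-10 02:13:10', 'dmz-1', 3100, 'SHELLCODE x86 NOOP',       '203.0.113.7',  '192.168.1.10', 80);
-- The post-exploitation callback is logged with the victim as SrcIp: it sorts under
-- 192.168.1.10 in the per-source views, so pivot on DstIp as well when hunting.
INSERT INTO #IdsAlert VALUES ('2006-08-10 02:14:00', 'dmz-1', 4200, 'POLICY outbound TFTP',     '192.168.1.10', '203.0.113.7',  69);

-- Assumed suppression list: a signature, optionally scoped to one source (NULL = any source).
CREATE TABLE #Suppression (
    SigId  INT          NOT NULL,
    SrcIp  VARCHAR(15)  NULL,
    Reason VARCHAR(128) NOT NULL
);
INSERT INTO #Suppression VALUES (1000, NULL,        'ICMP ping from monitoring is expected');
INSERT INTO #Suppression VALUES (2001, '10.0.0.20', 'Scheduled vulnerability scanner');

-- Stage 1: keep only alerts that match no suppression rule. Scoping 2001 to the
-- scanner address drops its scans while keeping the same signature from 203.0.113.7.
SELECT a.*
INTO #Interesting
FROM #IdsAlert AS a
WHERE NOT EXISTS (
    SELECT 1 FROM #Suppression AS s
    WHERE s.SigId = a.SigId
      AND (s.SrcIp IS NULL OR s.SrcIp = a.SrcIp)
);

-- Stage 2: aggregate the survivors to one row per (source, signature, target, port),
-- with a hit count and the time span, so a burst of identical alerts reads as one event.
SELECT SrcIp, SigName, DstIp, DstPort,
       COUNT(*)       AS Hits,
       MIN(AlertTime) AS FirstSeen,
       MAX(AlertTime) AS LastSeen
FROM #Interesting
GROUP BY SrcIp, SigName, DstIp, DstPort
ORDER BY SrcIp, FirstSeen;

-- Stage 3: reconstruct the attacker's steps. Number each source's alerts in time order
-- and join each step to the previous one to show the gap between them.
WITH Steps AS (
    SELECT SrcIp, AlertTime, SigName, DstIp, DstPort,
           ROW_NUMBER() OVER (PARTITION BY SrcIp ORDER BY AlertTime, AlertId) AS StepNo
    FROM #Interesting
)
SELECT cur.SrcIp, cur.StepNo, cur.AlertTime, cur.SigName, cur.DstIp, cur.DstPort,
       DATEDIFF(SECOND, prev.AlertTime, cur.AlertTime) AS SecondsSincePrev
FROM Steps AS cur
LEFT JOIN Steps AS prev
       ON prev.SrcIp = cur.SrcIp AND prev.StepNo = cur.StepNo - 1
ORDER BY cur.SrcIp, cur.StepNo;

DROP TABLE #Interesting;
DROP TABLE #Suppression;
DROP TABLE #IdsAlert;
```

With the constructed rows, stage 1 leaves five alerts (the four from 203.0.113.7 and the TFTP callback), stage 2 collapses the two scan alerts into one line per target port, and stage 3 lists the scan, the cmd.exe request and the shellcode under 203.0.113.7 with the seconds between them. The suppression table is the part to treat carefully in a real deployment: every rule should carry a reason and an owner, because a rule that is too broad (a bare SigId with no source scope) is how a real scan disappears along with the scanner's.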