Focus on Microsoft
RE: Security Audit Correlating Dec 20 2004 12:07PM
Jose Costa (joselpcosta yahoo com br)
Thanks for the information, but I need to do it offline because I just need to do it every 3 months to create a report for our CSO.

I'll start working on it this week. I'll test exporting both (events and tickets) to a SQL/Access DB and figure out how to correlate them.

Any sample or idea will be appreciated.

Tks,

JL

--- John Bankes <jbankes (at) netforensics (dot) com [email concealed]> escreveu:
> We also provide most of what you are looking for. Check out www.netforensics.com for more information. Sorry for the commercial, but it might be what you're looking for. JB
>
> -----Original Message-----
> From: SecurIT Informatique Inc. [mailto:securit (at) iquebec (dot) com [email concealed]]
> Sent: Thursday, December 16, 2004 6:47 PM
> To: Jose Costa
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Security Audit Correlating
>
> Hello Jose,
>
> I am not sure if this will fit all your bill, but you may want to look at my log centralising and analysis software LogAgent (http://securit.iquebec.com). It will analyse your event viewer logs in real time, so you can set filters for specific object access, account usage or event type, and it will convert your event viewer logs to ASCII at the same time.
>
> As for the correlating, it is probably possible to use one of the consoles I designed (LogIDS or LogMonitor) by converting your tickets to ASCII. Or maybe the extractor side-tool I wrote with these consoles is better suited for your needs. If you think that these things could help you, but the correlating does not exactly satisfy you, let me know and I can probably write you something customized to your needs, that is if you cannot find anything else around.
>
> Feel free to contact me if you have any questions regarding these tools.
>
> Adam Richard
> SecurIT Informatique Inc.
>
> At 02:54 PM 16/12/2004, Jose Costa wrote:
> >Hi all,
> >
> >Currently we are outsourcing our account creation, password unlock/modify, folder creation/access control and Internet/Applications Access Control to a third company and we need some audit and reports. We use AD running on W2K Server.
> >
> >Basically what we want to do is to activate GPO Account Management and Object Access and create some users with Admin/Account Operators rights and log their object access on File Servers' top folders and account management tasks.
> >
> >After that, we need to do some correlating with Help Desk Tickets, based on time. We will audit that with samples, not all logs or tickets.
> >
> >The target is to discover if these accounts were used without a help desk ticket, or they were used more than they should be, based on the ticket.
> >
> >My idea is to export both (event viewer and help desk tickets) to a .txt, .csv, etc. file and compare them. After that generate a report. I'd like to make some automation for that...
> >
> >Are there any best practices, samples, or papers for that?
> >
> >Any input or experience regarding it will be appreciated.
> >
> >Best Regards,
> >
> >Jose Luiz

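The export-and-compare approach discussed in this thread (Event Viewer and help-desk tickets exported to CSV, correlated by time, with accounts used outside any ticket or more often than the ticket warrants flagged for the report), written out as an added example that is not part of the original thread or of any tool mentioned in it. It assumes two constructed CSV exports with the column layouts shown; the event IDs are Windows 2000 security-log IDs (624 = user account created, 628 = user account password set, 560 = object open), the `expected_actions` ticket column and the 15-minute grace window around a ticket's open/close times are assumptions made for the example.

```python
"""
Correlate exported Windows security events with help-desk tickets by time.

Sample data below is constructed for this example; the column layouts are
assumptions about what an Event Viewer / help-desk CSV export would contain.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Event Viewer export: when, Windows 2000 security event id,
# which audited admin account acted, and the target account or object.
EVENTS_CSV = """time,event_id,actor,target
2004-12-16 09:05:00,624,svc_acctops,jdoe
2004-12-16 09:06:10,628,svc_acctops,jdoe
2004-12-16 11:40:00,628,svc_acctops,asmith
2004-12-16 11:42:00,624,svc_acctops,bjones
2004-12-16 14:02:00,560,svc_fileadm,\\\\fs01\\finance
2004-12-16 23:15:00,624,svc_acctops,ghost01
"""

# Constructed help-desk export: ticket id, admin account it was assigned to,
# open/close time, and how many audited actions the request should need.
TICKETS_CSV = """ticket,assignee,opened,closed,expected_actions
HD-1001,svc_acctops,2004-12-16 09:00:00,2004-12-16 09:30:00,2
HD-1002,svc_acctops,2004-12-16 11:30:00,2004-12-16 12:00:00,1
HD-1003,svc_fileadm,2004-12-16 13:45:00,2004-12-16 14:30:00,1
"""

FMT = "%Y-%m-%d %H:%M:%S"
GRACE = timedelta(minutes=15)  # assumed tolerance for clock skew / late closure


def parse_events(text):
    """Parse the event export into dicts with real datetimes and int ids."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["time"] = datetime.strptime(r["time"], FMT)
        r["event_id"] = int(r["event_id"])
        rows.append(r)
    return rows


def parse_tickets(text):
    """Parse the ticket export, widening each ticket's window by GRACE."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["opened"] = datetime.strptime(r["opened"], FMT) - GRACE
        r["closed"] = datetime.strptime(r["closed"], FMT) + GRACE
        r["expected_actions"] = int(r["expected_actions"])
        rows.append(r)
    return rows


def correlate(events, tickets):
    """Match each event to a ticket for the same admin account whose window
    covers the event time. Returns (unticketed events, over-used tickets as
    (ticket, observed, expected), events grouped per ticket)."""
    unticketed = []
    per_ticket = defaultdict(list)
    for ev in events:
        covering = [t for t in tickets
                    if t["assignee"] == ev["actor"]
                    and t["opened"] <= ev["time"] <= t["closed"]]
        if not covering:
            unticketed.append(ev)
            continue
        # Several tickets may overlap; attribute to the earliest-opened one.
        best = min(covering, key=lambda t: t["opened"])
        per_ticket[best["ticket"]].append(ev)
    by_id = {t["ticket"]: t for t in tickets}
    over_used = [(tid, len(evs), by_id[tid]["expected_actions"])
                 for tid, evs in per_ticket.items()
                 if len(evs) > by_id[tid]["expected_actions"]]
    return unticketed, over_used, per_ticket


def report(events, tickets):
    """Plain-text lines suitable for the quarterly report."""
    unticketed, over_used, _ = correlate(events, tickets)
    lines = ["Events with no covering help-desk ticket:"]
    for ev in unticketed:
        lines.append("  %s  event %d  actor %s  target %s" % (
            ev["time"].strftime(FMT), ev["event_id"], ev["actor"], ev["target"]))
    lines.append("Tickets with more audited actions than expected:")
    for tid, seen, expected in over_used:
        lines.append("  %s  observed %d  expected %d" % (tid, seen, expected))
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_events(EVENTS_CSV), parse_tickets(TICKETS_CSV))))
```

On the sample data the 23:15 account creation by `svc_acctops` falls outside every ticket window and is reported as unticketed, and ticket HD-1002 (one expected action) has two account-management events attributed to it and is reported as over-used. The same two parsers work unchanged on a real export once the column names are adjusted, and the grace window is the knob to widen if tickets are habitually closed late.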

Copyright 2008, SecurityFocus