
List:       ids
Subject:    IDS: Re: Change control features in IDS products?
From:       mht () clark ! net
Date:       2001-12-28 17:33:33

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
In the Agent Report Query, it will identify agents that have changed.
No change control, but if one is using ICECap 3.0, there are users and groups.
In the past, I have used VSS to keep track of new agent builds with some 
serious comments during check-in, but it is a manual process.  I think you 
can do some SQL queries from the ICECap to get the information but it is 
not as easy as it sounds.

/m

At 02:40 AM 12/27/2001 -0800, Kohlenberg, Toby wrote:
>Does anyone know of any development being done to integrate
>change control features into IDS products? Have people got solutions
>that they've cobbled together for this? I can see using some
>source code control product to handle things like snort or dragon
>config and rule files, but what about a way to identify who made
>the last change to an ICEcap group config? Same thing for any other
>product where you are likely to have more than one admin (I use ICEcap
>as an example because it is easy to see situations where multi-admin
>environments will exist, no other reason).
>The simple answers are things like a text file or log book, but
>what about adding a separate part of the interface where you can go
>see what the recent changes have been to any section of the config? Has
>anyone seen the ability to associate a short text entry with a change
>when it is made?
>
>Sorry for the overlap between these lists (I know a lot of us read both)
>but I wanted to get complete coverage.
>
>All opinions are my own and in no way reflect the views of my employer.
>
>Toby
