I've seen situations where some of these dashboards get people in sticky 
situations when an educated member of management asks "How do you use this 
dashboard to enhance your operations?"

If you have a little time to invest, you can set up some simple graphs using 
something like PRTG (http://www.paessler.com/prtg) to show traffic load of 
sensors or critical network segments. This isn't nearly as pretty as some of 
the other options, but it will make you look a lot better to management when 
you can explain that these graphs provide operational value and help your 
analysts have a quick reference for seeing current traffic load versus 
baselined averages. These types of graphics, when properly implemented, can be 
useful in picking out traffic spikes that may indicate an anomaly worth 
investigating within the scope of your NSM detection capability.

--
Chris Sanders
Foundation: http://www.ruraltechfund.org
Blog: http://www.chrissanders.org
Work: http://www.inguardians.com
Twitter: @chrissanders88
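
The comparison of current traffic load against baselined averages described in the message above, as an added example that is not part of the original thread and is unrelated to PRTG itself. Sensor names, sample readings and thresholds are constructed assumptions; it also flags drops (a sensor going quiet), which goes beyond the spikes mentioned above.

```python
from collections import defaultdict
from statistics import median

# Constructed history: (sensor, hour_of_day, Mbit/s) readings from previous days.
HISTORY = [
    ("dmz-sensor", 14, 410), ("dmz-sensor", 14, 395), ("dmz-sensor", 14, 430),
    ("dmz-sensor", 14, 405), ("dmz-sensor", 14, 420),
    ("core-sensor", 3, 12), ("core-sensor", 3, 12), ("core-sensor", 3, 12),
    ("core-sensor", 3, 12), ("core-sensor", 3, 12),
]

def build_baseline(history):
    """Return {(sensor, hour): (median, scaled MAD)} from past readings.

    Median and MAD are used instead of mean and standard deviation so that
    one earlier incident in the history does not inflate the baseline.
    """
    buckets = defaultdict(list)
    for sensor, hour, mbps in history:
        buckets[(sensor, hour)].append(mbps)
    baseline = {}
    for key, values in buckets.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[key] = (med, 1.4826 * mad)  # 1.4826 scales MAD to ~1 sigma
    return baseline

def classify(baseline, sensor, hour, mbps, threshold=5.0, floor_frac=0.02):
    """Label a current reading as spike, drop, normal or no-baseline."""
    key = (sensor, hour)
    if key not in baseline:
        return "no-baseline"  # new sensor or hour never observed
    med, spread = baseline[key]
    # A perfectly flat history gives MAD 0; apply a floor so that tiny
    # fluctuations on a quiet link do not all score as anomalies.
    spread = max(spread, floor_frac * med, 1.0)
    score = (mbps - med) / spread
    if score > threshold:
        return "spike"
    if score < -threshold:
        return "drop"
    return "normal"

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for reading in [("dmz-sensor", 14, 900), ("dmz-sensor", 14, 425),
                    ("dmz-sensor", 14, 40), ("core-sensor", 3, 30)]:
        print(reading, classify(base, *reading))
```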

From: allison nixon <[email protected]>
Reply-To: PaulDotCom Security Weekly Mailing List <[email protected]>
Date: Monday, October 15, 2012 8:52 PM
To: PaulDotCom Security Weekly Mailing List <[email protected]>
Subject: Re: [Pauldotcom] Security Threat Dashboard

It might be worth having a custom script that relates directly to your workflow 
to let you know if you have any fires that imminently need putting out.  
Security camera feeds... useful stuff.  Do you care about current patch levels, 
or the fact that a lot of activity is geographically coming from Eastern 
Europe?  If not, no reason to have it on the screen.  Lots of those dashboards 
are an eyesore.

On Mon, Oct 15, 2012 at 3:25 PM, xgermx <[email protected]> wrote:
These are great, exactly what I was looking for.


On Mon, Oct 15, 2012 at 2:18 PM, Matt Nels <[email protected]> wrote:
Also check out the Project Honeynet Map...

http://map.honeynet.org

On Mon, Oct 15, 2012 at 1:34 PM, xgermx <[email protected]> wrote:
I'm setting up a SOC and looking for pretty dashboards to display global and 
trending threats.
Admittedly this is less about sheer functionality and more about looking good to 
management.
What I've found so far:
http://www.securitywizardry.com/radar.htm
http://www.msisac.org/apps/dashboard/
http://atlas.arbor.net/

Any ideas?

Thanks

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com





--
_________________________________
Note to self: Pillage BEFORE burning.