
August 28, 1998 Intrusion Detection Pilot Program Guide

no special knowledge or training.

- The graphical interface uses an iconic display to alert operators to important occurrences. Varying shapes and colors (red, yellow, green) are used to guide problem resolution.
- The graphical interface can display information sorted by source address (initiator), destination address (target), or event type.
- The graphical interface supports a "drill down" mechanism so that the operator may obtain additional information about an event. This information includes actions that were taken by Product in response to the event.
- The graphical interface consolidates multiple event occurrences into a single alarm.
- Events from any Product engine can be monitored from a single, authorized management console.
- A single Product engine can report event data to multiple management consoles simultaneously.
- Product alarm data can be received by an HP OpenView management console.

Data Management

- Data from many Product engines is assimilated on a management console. This includes event summary data as well as the binary content of logged sessions.
- Data on the management console is stored in an ODBC database. This database is built-in and requires no installation of third-party software.
- Product provides the capability of automating the transfers of the engine database files to the console.
- The ODBC database can be exported to a database of your choice or to a delimited text file.
- The database structure is completely open and is published in the Product documentation. This database can be easily accessed by third-party management tools, if desired.
- Product provides built-in report generation capability.
- Product provides at least 12 pre-defined reports.
- Product provides multiple forms of reporting suitable for all technical levels.
- Product reports are configurable and customizable.
- Product’s data management capabilities provide critical information required for risk assessment and decision making.

Performance

- Product engines can monitor network traffic and take action autonomously, without a console running.