DeepSight Analyzer 4.0 Announcement

Hi everyone, I wanted to let you know that we have completed the rollout of DeepSight Analyzer 4.0. As always, the service is available at:

http://analyzer.securityfocus.com

This release includes a number of significant improvements, and features, that we hope you'll find useful. A partial list of new features follow,

One feature that we added to the system a few months ago now was the ability to receive a daily summary report (via email) of the top events and activity being observed on your network. This feature has been extremely popular, and provides an easy way to receive daily reports on your event activity.

Second, we've added support for a number of additional devices, including Firewalls, which many of you have been asking for. The DeepSight Analyzer service now supports the following devices:

 Security Device Versions

 BlackIce               2.0-3.x
 Cisco IOS              12.x
 Cisco PIX              4.2-5.1
 Cisco Secure IDS (Netranger) 2.5-3.0
 Enterasys Dragon       4.2.2
 Firewall-1             Next Generation, NG
 IP Chains              OS Independent
 IPF                    OS Independent
 NetProwler             3.5x
 NetScreen              200, 100, 50, 25, 5XP appliance
 RealSecure             3.1-5.5, 6.00-6.5
 Snort                        1.6-1.8.x
 Snort Portscan               1.6-1.8.x
 ZoneAlarm              2.6.0

A number of improvements have been made to the DeepSight Analyzer website to facilitate the addition of Firewall data, and to improve the system based on your feedback. These include the following:

NEW - User statistics page

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

  The statistics page summarizes the event activity being observed by your sensors by a number of different categories on a single screen. These categories include:

• Top increasing IDS events - A set of graphs depicting the events that are seeing the most significant increase on your network
• Top increasing Port activity - A set of graphs depicting the ports that are seeing the most signficant increase on your network
• Top attacked products - The top products being targetted on your network
• Top offending ISPs - The top ISPs from which events targetting your network originate
• Top ports - The top ports your sensors are observing activity on
• Top source IPs - The top source IP addresses from which your sensors are observing activity
• Top countries - The top sources countries from which your sensors are observing activity

  The majority of these items will also allow you to drill down to view specific events associated with these items.

NEW - Events Screen

  The "Events" screen has replaced the previous "Incidents" screen. This screen contains a series of sub-options, designed to allow you to view your Intrusion Detection System and Firewall Events rolled up by a number of different categories. These categories are:

• By Event Type - This will allow viewing of events rolled up by unique event type
• By Destination Port - This will allow viewing of events rolled up by unique destination port
• By Source Address - This will allow viewing of events rolled up by unique source address
• By Source Domain - This will allow viewing of events rolled up by unique source domain
• By Source Country - This will allow viewing of events rolled up by unique source country
• By Source ISP - This will allow viewing of events rolled up by unique source ISP
• By Logs - This will allow viewing of events rolled up by the log in which they were uploaded. This will replace the existing upper level "Logs" tab

NEW - Report Overhaul

  We have overhauled the previous reports to consist of a series of 6 summary reports. These 6 reports provide the same information that was previously available, a more compact fashion. The following six reports are available:

• Event Summary

  This report provides a breakdown of event and port activity observed by your network intrusion detection and firewall systems. It is helpful in determining which attacks are targeting your network, and determining the trend of this activity. This report consists of multiple pages if both IDS and Firewall events were provided and selected, or a single page if only one of these event types have been provided or selected.

• Origin Summary

  This report provides a breakdown of where events targeting your network are originating. It is helpful in determining who is attacking you, and determining the trend of attack activity from each source. This report depicts both IDS and Firewall activity, if events were provided and selected, or only one of these if only one of these event types have been provided or selected. This report includes:

      Top IP(s) targeting your network
      Top ISP(s) from which attacks originate
      Top Country(s) from which attacks originate

• Category Summary

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

  This report provides a breakdown of event activity by the category or class of events that are targeting your network. This report is useful in determining the type of activity that is most frequently observed targeting your network.

• Target Products

  This report provides a breakdown of the products and applications that are being targeted on your network. This knowledge provides you with insight into the possible intent of these events, and precautions that should be taken in protecting these services.

• Event Time

  This report provides a breakdown of the timeframe when network security events most commonly occur on your network. Knowledge of when these events occur allows for the tracking of historical activity and the allocation of resources for future planning.

• IP Analysis

  This report provides insight into the activity of a single IP address that is targeting your network. This report consists of a number of components that reflect the activity, habits, and applications that the IP address is targeting. In correlating a number of these data points, this report presents the origin of the attacker, and the vulnerabilities and services targeted by the attacker.

NEW - Report Configuration Wizard

  A new Report Configuration Wizard has replaced the previous report configuration screen in the "Reports" section. This wizard is intended to simplify the generation of reports, by allowing more flexible selection of reporting criteria. This screen consists of a series of 6 screens, each allowing entry of reporting criteria. This screen contains the same functionality as the previous report configuration screen, with the following additions:

• The ability to specify which IDS sensors you would like to include data from in your report
• The specification of multiple source addresses and source countries to report on
• The specification of multiple destination addresses to report on
• The specification of multiple event categories to report on
• The specification of multiple product categories to report on

We hope you like these changes, and continue to use the DeepSight Analyzer service. Please feel free to send any feedback to:

oliver_friedrichs@symantec.com

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Thank you!

• Oliver