Couple ISC site updates
The page for new diary notifications was broken and is now fixed again (see http://isc.sans.org/notify.html ).
A couple weeks ago I added AS reports. They are still being tested. Let me know if you have feedback. (see http://isc.sans.org/as.html )
We are planning, in the not too distant future, to do a test of our "infocon" system. This is just a pre-pre notification, and here is the overall plan I am thinking about right now:
- publish a story with details about the test, a few days in advance.
- publish a second diary story with details about the test, one hour before the test.
- change the infocon. I am thinking about using the suffix "test" in our infocon.txt ( isc.sans.org/infocon.txt ) file.
- update the second story once all is back to normal.
So if you are triggering any notifications, be aware that this may happen. I will run the test around noon EDT. This is about the time when most of our readers are awake (Europe + US). It's probably better to do this during business hours than late at night. No need to wake up anybody with a pager alert.
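For readers whose scripts poll infocon.txt and trigger notifications, here is one way to keep the announced test from paging anyone (an added example, not ISC's code). The post does not say exactly how the suffix will be written, so the pattern assumes the level name followed by "test" (for instance "yellowtest"); the function names and the page-only-on-a-raise policy are hypothetical.

```python
import re

# The four Infocon levels, lowest to highest.
LEVELS = ("green", "yellow", "orange", "red")

# Assumed encoding of the test marker: level followed by "test", with an
# optional space, dash or underscore. The post only says 'suffix "test"'.
_PATTERN = re.compile(r"^(green|yellow|orange|red)(?:[\s_-]*(test))?$")


def parse_infocon(body):
    """Return (level, is_test) for the body of infocon.txt, or (None, False)
    when the content is not a recognised level."""
    m = _PATTERN.match(body.strip().lower())
    if not m:
        return None, False
    return m.group(1), m.group(2) is not None


def decide(previous_level, body):
    """Map one poll result to an action for a notification script.

    Returns one of: "page", "log-test", "log-unparsed", "none".
    previous_level must be one of LEVELS.
    """
    level, is_test = parse_infocon(body)
    if level is None:
        # Unknown content (error page, empty file): record it, do not page.
        return "log-unparsed"
    if is_test:
        # Announced test: note it without waking anybody up.
        return "log-test"
    if LEVELS.index(level) > LEVELS.index(previous_level):
        # Hypothetical policy: page only when the level is raised.
        return "page"
    return "none"


# Constructed sample bodies, not captured from isc.sans.org.
SAMPLES = ["green\n", "yellowtest\n", "yellow-test", "YELLOW", "<html>error</html>"]

if __name__ == "__main__":
    for body in SAMPLES:
        print(repr(body), "->", decide("green", body))
```

A script that compares the file against exact level strings would treat a suffixed value as unknown, so check how yours reacts to unrecognised content before the test.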
Reporting firewall logs
We got a couple of users forwarding firewall logs to the handlers\at/sans.org e-mail address. While we appreciate logs, malware and other reports like these, please don't send automated log reports to handlers\at/sans.org. If you send logs, include some detail about why you consider them unusual.
Please use DShield for automated log reporting (see http://www.dshield.org/howto.html ). Our handlers have access to the DShield database and regularly check it for unusual activity.
Thanks!