Team MITRE Sentinel Final Presentation
Mark Nowicki, Michael Dunn, Kate Brown, Dave Tittle
12/8/2008 Purdue University - CS 307 1
Overview
• Motivation
• Product Features
• Design
• Results
• Challenges
• Future Work
• Plan for Demo
Motivation
• MITRE produces XML files that contain workstation configuration information
• However, XML file checking is:
  – Tedious
  – Time consuming
  – Prone to human error
• Automation will speed the process and decrease error
Product Features
• Core functionality:
  – Retains, compares, and parses XML files
  – Baseline management (previous configurations)
  – Alerts administration of crucial differences
• Overall:
  – Reduces time needed to monitor a network
Design
• Solution:
  – Python and MySQL implementation
  – Open Source Solution
Experiments
• Inexperience:
  – Python & MySQL
  – Software Engineering Practices
  – Deadlines
  – Metrics
    • Code Coverage (PyUnit)
Results
• No Test Bed
  – Configuration Files
  – Performance Testing
• Trouble Out of the Box
  – Software not perfect as-is
  – Component functionality
• Performance
  – Overhead: Database and FTP
Challenges
• New Language, New Environment
• Freedom, Horrible Freedom
• Lessons Learned:
  – Setting Boundaries
  – Overhead Time
  – Time Management
  – SVN for documentation
    • Assembla.com
Robustness
• Extensive error checking
  – If one file goes bad:
    • error message returned
    • move to next file (continue execution)
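The baseline comparison from the Product Features slide combined with the continue-on-error behaviour above, as an added example that is not the team's code. The `<workstation>`/`<setting name value>` layout, the `CRUCIAL` set and all sample data are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical set of settings whose change should raise an alert.
CRUCIAL = {"firewall_enabled", "antivirus_version"}

def parse_config(xml_bytes):
    """Return {setting name: value} for one workstation file (assumed layout)."""
    if b"<!DOCTYPE" in xml_bytes:
        # Refuse DTDs so entity-expansion tricks never reach the parser.
        raise ValueError("DTD not allowed")
    root = ET.fromstring(xml_bytes)
    settings = {}
    for node in root.iter("setting"):
        settings[node.attrib["name"]] = node.attrib["value"]
    return settings

def diff_against_baseline(baseline, current):
    """List (name, old, new, crucial) for every added, removed or changed setting."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old != new:
            changes.append((name, old, new, name in CRUCIAL))
    return changes

def check_all(baselines, files):
    """Compare each file to its host baseline; a bad file is reported, not fatal."""
    alerts, errors = {}, {}
    for host, xml_bytes in files.items():
        try:
            current = parse_config(xml_bytes)
            changes = diff_against_baseline(baselines.get(host, {}), current)
        except (ET.ParseError, ValueError, KeyError) as exc:
            errors[host] = f"{type(exc).__name__}: {exc}"
            continue  # error recorded, move to the next file
        alerts[host] = [c for c in changes if c[3]]  # keep crucial differences only
    return alerts, errors

# Constructed sample input: ws1 drifted from its baseline, ws2 is a truncated file.
BASELINES = {"ws1": {"firewall_enabled": "true", "wallpaper": "blue"},
             "ws2": {"firewall_enabled": "true"}}
FILES = {
    "ws1": b'<workstation><setting name="firewall_enabled" value="false"/>'
           b'<setting name="wallpaper" value="green"/></workstation>',
    "ws2": b'<workstation><setting name="firewall_enabled"',
}

if __name__ == "__main__":
    print(check_all(BASELINES, FILES))
```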
Future Work
• Requirements not met:
  – Scheduler System
    • Heartbeat
  – Email message system
    • Not configured to specific MITRE system
  – Logging System
• Additional Features
  – Graphical User Interface
  – Streamlined Installation Configuration
  – Multiple Databases
Future Work, cont.
• Pitfalls of Open Source Solutions:
  – Infancy
  – Configuration required
    • No Out of Box functionality
Demo Plan
• Show Test Environment (MySQL)
• Test individual parts
• Execute
  – Transfer
  – Rule
• Execute system
  – Execute All
Questions?
Thank you for your time!
Special Thanks to Corporate Partner Dan Aiello, MITRE