Adrian Mole, Wimpy Kid are your new security mentors Splunk has hurled the fourth edition of its Enterprise Security product out the door, and feels that the most important new feature is its diary, or as Splunk likes to call it the “Investigator's journal”. The result of usability studies, the journal offers a means to record all the actions taken when security teams spot …
Good luck getting any SA type to write things down where others can read it.
Our bunch still behave as though they are third year CS undergrads, with their little black books and minimalistic e-mail chains "project tracking". One of them refused to use a browser-to-sharepoint document sink because, and I am quoting directly, "it is hosted on Microsoft" (which was disappointing on two counts: accuracy and attitude). He was supported by his peers in this, but has hung them out to dry by taking an extended medical leave of absence and leaving nil hints about how to regain control of our [REDACTED], which has had director-level people screaming blue murder. Oh well.
Sorry about the edit. Call it my AC cop-out.
If it is relying on people to update manually as they perform work it'll be as useless as all the rest, with most of the techie types forgetting to add some entries so you'll think something hasn't been tried when it already was.
If you look at the notes in a typical incident ticket, you're lucky if you see a good explanation of the problem and what solved it. Let alone a running account of all the troubleshooting steps that were taken and unsuccessful attempts to resolve the issue.
File this under "it is nice in theory"...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
