We were asked for topic suggestions at Dave Glover's Report Tips presentation. A couple off the top of my head:
1 - Command line utilities... why, when and how...
2 - UDS
    - Coding in general
    - Date string handling in particular
In Dave Glover's "Advanced Tips and Tricks from October 2010", he once again made a call for training topics. I resurrected a list I had created under a different Intelligence Community ID.
- Dashboard reports - how to do them and ideas on what to look for
- Utilizing your SIEM - driving value, where to start, how do I leverage this, cool tricks/tips
- Configuring the SFTP agent to grab logs from Tripwire, IIS, Apache, (or <insert application here>)
- Configuring the Enterprise Dashboard - how to add your region/city/geographic location(s), how to assign alerts
- Configuring devices - the different services, gotchas, troubleshooting issues
- Scheduling tasks, scheduling reports
- Best practices in the SIEM space
- Compliance with PCI, SOX, GLBA, HIPAA, etc.
- Something less technical, but more business focused - how to staff for a SIEM, the skill sets needed, number of analysts per devices/users