Re: Vulnerability Tracking & Management

[Josh Little <josh () zombietango com>]

We already have a large SIEM implementation in place, so duplicating that
would be a non-starter. I'll keep enVision in the hat for the next time that
a tech refresh comes into play. If it helps, these are the technologies we
are trying to consolidate reporting/tracking for:

Nessus
Qualys
IBM Appscan
DBProtect
Whitehat Sentinal
Manual Testing

Thanks,
ZT

On Thu, Feb 10, 2011 at 2:22 PM, Butturini, Russell <
Russell.Butturini () healthways com> wrote:

> This is also something that RSA envision does (It can even conduct the
> assessments for you), but it ain’t cheap J
>
>
>
> *From:* pauldotcom-bounces () mail pauldotcom com [mailto:
> pauldotcom-bounces () mail pauldotcom com] *On Behalf Of *Chesmore, Michael
> [DAS]
> *Sent:* Thursday, February 10, 2011 1:19 PM
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] Vulnerability Tracking & Management
>
>
>
> I think you are talking about a hybrid SIEM type system.
>
>
>
> We looked at OSSIM (Open Source Security Information Manager)a year or so
> ago.  I had pretty good things to say about it on one hand and some
> shortfalls on the other.  It is 100% open source, it uses all the standard
> “tools” that we have used in security for years so it takes a default NMAP
> scan or Nessus scan right into the DB.  It has an inventory piece and a
> ticketing piece.  The challenge is that they want it to be an “all-in-one”
> suite of software.  So out of the box it works great, if you install their
> sensors, and their mgmt server it really is slick.  For a SMB I would highly
> recommend it.  Their support is ok through the forums.  In my opinion it is
> not a large enterprise solution unless you are ready to write some “glue”
> scripting to take what you already have in place and format it correctly to
> go into OSSIM.  We might still go down this route.  If you have the
> scripting skills (and the time) it could be a really viable alternative.
>
>
>
> Mike
>
>
>
> *From:* pauldotcom-bounces () mail pauldotcom com [mailto:
> pauldotcom-bounces () mail pauldotcom com] *On Behalf Of *Josh Little
> *Sent:* Thursday, February 10, 2011 1:03 PM
> *To:* pauldotcom () mail pauldotcom com
> *Subject:* [Pauldotcom] Vulnerability Tracking & Management
>
>
>
> Hey all. I'm looking for a better way to manage items discovered through
> our vulnerability assessments, application reviews, pentests, etc. in a
> centralized manner rather than spreadsheets, manual reports, etc. I'd like
> such a system to consume exported reports from various different commercial
> and open-source scanning technologies as well as manual entries, track the
> state of these, and allow me to export data that would go into our metrics
> initiative. This would need to work with application, database, and system
> vulnerability reports. Not concerned whether it is open source or
> commercial.
>
>
>
> As a bonus it would be great if it could interface with other service and
> issue tracking technologies so that I can push tasks to the appropriate
> teams and have it appear in their native operating tool.
>
>
>
> Anybody know of such a beast?
>
>
>
> ZT
>
> ******************************************************************************
> This email contains confidential and proprietary information and is not to be used or disclosed to anyone other than 
> the named recipient of this email,
> and is to be used only for the intended purpose of this communication.
> ******************************************************************************
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com