Snort mailing list archives
RE: Threat Management
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Wed, 7 Aug 2002 13:24:13 -0400
An excellent paper indeed. I've been thinking about this concept for a while now. My initial thought was a simple Perl-based system that would correlate entries from Snort with a saved, recent copy of a Nessus scan to provide more intelligent alerting according to what ports and services are registered. Despite how you do it, I think that the Asset DB alone would increase IDS effectiveness ten-fold.

The current issues I see around here don't have to do with tuning rulesets to what's on the network, it has to do with the fact that idiot contractor #10 brought his system in and it has X services running that weren't on my network 24 hours ago.

cheers,
John Hicks

-----Original Message-----
From: Steve Scott [mailto:sjscott007 () earthlink net]
Sent: Monday, August 05, 2002 9:59 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Threat Management

I recently finished a paper on the Threat Management space and would like to share my findings with others. We are currently in the process of evaluating solutions in this space. While it's not 100 percent complete it will provide an understanding of the concept. As I progress with the project I will continue to expand the paper. You can find it here:

http://home.earthlink.net/~sjscott007/

Regards,
Steve

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
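The correlation idea in the message above, as an added example (not code from the thread, Snort or Nessus): Snort fast-alert lines are checked against host and port records from a saved Nessus NBE export, so each alert is marked by whether the target was running that service at scan time or was not on the network at all. The sample lines, signature IDs, addresses and verdict names are constructed for illustration.

```python
import re

# Snort "fast" alert (TCP/UDP): ... [**] [gid:sid:rev] msg [**] ... {PROTO} src:sport -> dst:dport
ALERT_RE = re.compile(r"\[\*\*\] \[(?P<sid>[\d:]+)\] .*? \[\*\*\].*?"
                      r"\{(?P<proto>\w+)\} [\d.]+:\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")
# Port field of a Nessus NBE "results" line, e.g. "http (80/tcp)"
NBE_PORT_RE = re.compile(r"^(?P<svc>\S+) \((?P<port>\d+)/(?P<proto>\w+)\)$")

def load_assets(nbe_lines):
    """Build {host: {(port, proto): service}} from NBE 'results' lines."""
    assets = {}
    for line in nbe_lines:
        fields = line.strip().split("|")
        if len(fields) < 4 or fields[0] != "results":
            continue  # timestamps and other record types carry no port data
        ports = assets.setdefault(fields[2], {})
        m = NBE_PORT_RE.match(fields[3])
        if m:  # entries such as "general/tcp" name no specific port
            ports[(int(m["port"]), m["proto"].lower())] = m["svc"]
    return assets

def correlate(alert_lines, assets):
    """Return (verdict, sid, dst, dport) for each parsable alert."""
    results = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        dst, key = m["dst"], (int(m["dport"]), m["proto"].lower())
        if dst not in assets:
            verdict = "UNKNOWN_HOST"     # absent from the saved scan, e.g. a newly attached system
        elif key in assets[dst]:
            verdict = "SERVICE_PRESENT"  # the scan saw a listener on the targeted port
        else:
            verdict = "NO_SERVICE"       # known host, port not open at scan time
        results.append((verdict, m["sid"], dst, key[0]))
    return results

# Constructed sample data (addresses, SIDs and messages are made up).
SAMPLE_NBE = [
    "timestamps|||scan_start|Wed Aug 7 09:00:00 2002|",
    "results|192.168.1|192.168.1.10|http (80/tcp)",
    "results|192.168.1|192.168.1.20|smtp (25/tcp)"]
HDR = "08/07-13:24:13.000000  [**] [1:1000001:1] EXAMPLE web probe [**] [Priority: 2] {TCP} "
SAMPLE_ALERTS = [HDR + f"10.9.9.9:3301 -> 192.168.1.{h}:80" for h in (10, 20, 77)]

if __name__ == "__main__":
    for row in correlate(SAMPLE_ALERTS, load_assets(SAMPLE_NBE)):
        print(*row)
```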
Current thread:
- Threat Management Steve Scott (Aug 05)
- Re: Threat Management twig les (Aug 05)
- Re: Threat Management Ian Macdonald (Aug 06)
- Re: Threat Management twig les (Aug 06)
- Re: Threat Management Ian Macdonald (Aug 06)
- <Possible follow-ups>
- RE: Threat Management Hicks, John (Aug 07)
- RE: Threat Management Steve Scott (Aug 09)
- Re: Threat Management twig les (Aug 05)