Snort mailing list archives
RE: Threat Management
From: Steve Scott <sjscott007 () earthlink net>
Date: 09 Aug 2002 09:24:34 -0500
I agree. Just having the asset database will improve your analysis ten-fold, especially when it's that convenient. The automated scans would work well in an environment where the IDS analysts don't control the DMZ. We have the same problem in our operation: systems are constantly changing and new ones are added. I added two new sections, Concerns and Evaluation Criteria. These new sections should help in evaluating systems and some of the issues associated with them.

Regards,
Steve

On Wed, 2002-08-07 at 12:24, Hicks, John wrote:
> An excellent paper indeed. I've been thinking about this concept for a while now. My initial thoughts were a simple perl-based system that would correlate entries from Snort with a saved, recent copy of a Nessus scan to provide more intelligent alerting according to what ports and services are registered. Despite how you do it, I think that the Asset DB alone would increase IDS effectiveness ten-fold. The current issues I see around here don't have to do with tuning rulesets to what's on the network; they have to do with the fact that idiot contractor #10 brought his system in and it has X services running that weren't on my network 24 hours ago.
>
> cheers,
> John Hicks
>
> -----Original Message-----
> From: Steve Scott [mailto:sjscott007 () earthlink net]
> Sent: Monday, August 05, 2002 9:59 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Threat Management
>
> I recently finished a paper on the Threat Management space and would like to share my findings with others. We are currently in the process of evaluating solutions in this space. While it's not 100 percent complete, it will provide an understanding of the concept. As I progress with the project I will continue to expand the paper. You can find it here:
>
> http://home.earthlink.net/~sjscott007/
>
> Regards,
> Steve

-------------------------------------------------------
This sf.net email is sponsored by: ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
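The correlation John describes (match each Snort alert's destination host and port against a recent scan of what is actually listening, so alerts against closed ports drop in priority and alerts against hosts the inventory has never seen stand out) can be sketched in a few dozen lines. The following is an added example written for this archive page, not code from the thread, the paper, Snort or Nessus. It assumes a hypothetical asset inventory already parsed out of a scan into a dict, a handful of constructed alert lines in the layout of Snort's "fast" alert output, and invented hostnames and addresses.

```python
import re
from dataclasses import dataclass

# Constructed asset inventory standing in for a parsed Nessus scan:
# IP -> hostname and the TCP ports/services found listening.  Hypothetical data.
ASSETS = {
    "192.168.1.10": {"hostname": "www1", "ports": {80: "http", 443: "https"}},
    "192.168.1.20": {"hostname": "mail1", "ports": {25: "smtp", 110: "pop3"}},
}

# Constructed alert lines in the layout of Snort's alert_fast output.
# SIDs, messages and addresses are sample values, not taken from the thread.
SAMPLE_ALERTS = [
    "08/07-12:24:01.000001  [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.9.8.7:3344 -> 192.168.1.10:80",
    "08/07-12:25:13.000002  [**] [1:1256:8] WEB-IIS CodeRed v2 root.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.9.8.7:3345 -> 192.168.1.20:80",
    "08/07-12:26:40.000003  [**] [1:1418:3] SNMP request tcp [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.9.8.7:3346 -> 192.168.1.77:161",
]

# Fields of one fast-format alert: timestamp, gid:sid:rev, message, protocol, endpoints.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Ordering used when presenting results: confirmed service first, then hosts the
# inventory does not know about (the "new box on the network" case), then noise.
STATUS_ORDER = {"service-match": 0, "unknown-asset": 1, "port-closed": 2}


@dataclass
class Verdict:
    sid: int
    msg: str
    dst: str
    dport: int
    status: str   # "service-match", "unknown-asset" or "port-closed"
    note: str


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None


def correlate(alert, assets):
    """Rank one parsed alert against the asset inventory."""
    dst, dport, sid, msg = alert["dst"], int(alert["dport"]), int(alert["sid"]), alert["msg"]
    host = assets.get(dst)
    if host is None:
        return Verdict(sid, msg, dst, dport, "unknown-asset",
                       "destination not in inventory: new or unregistered host, rescan it")
    service = host["ports"].get(dport)
    if service is None:
        return Verdict(sid, msg, dst, dport, "port-closed",
                       f"{host['hostname']} has nothing listening on {dport}/tcp; likely noise")
    return Verdict(sid, msg, dst, dport, "service-match",
                   f"{host['hostname']} runs {service} on {dport}/tcp; investigate")


def triage(lines, assets=ASSETS):
    """Parse alert lines, correlate each with the inventory, and sort by relevance."""
    verdicts = [correlate(a, assets) for a in map(parse_alert, lines) if a is not None]
    verdicts.sort(key=lambda v: STATUS_ORDER[v.status])  # stable: original order within a status
    return verdicts


if __name__ == "__main__":
    for v in triage(SAMPLE_ALERTS):
        print(f"[{v.status:14}] sid {v.sid} {v.msg!r} -> {v.dst}:{v.dport}: {v.note}")
```

The inventory is passed in as a parameter so that a real deployment can rebuild it from each fresh scan without touching the correlation logic; the one thing this cannot compensate for is a stale scan, which is why the thread's point about rescanning when hosts appear matters more than the matching itself.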