Snort mailing list archives
Re: SnortAV?
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 28 Dec 2006 19:33:03 -0600
--On December 28, 2006 7:30:07 PM -0500 jrhendri () maine rr com wrote:
I would agree that testing a host after the fact is inherently prone to error. Does anyone know of any effort to integrate IDS with scanner output to achieve a (potentially more accurate) result? Something like doing daily nessus scans and tailoring snort output to alert for systems that were (potentially) vulnerable as of the last scan could be beneficial.
Yes. Sourcefire RNA.
I wouldn't patch my systems based on nessus output or the output from any other VA system. They're far too prone to false positives.Or you could just tune your IDS based on human intelligence and *patch* your systems based on nessus output :-)
Paul Schmehl (pauls () utdallas edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
_bin
Description:
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SnortAV? John Hally (Dec 28)
- Re: SnortAV? purplebag (Dec 28)
- Re: SnortAV? jrhendri (Dec 28)
- Re: SnortAV? Jason (Dec 28)
- Re: SnortAV? Paul Schmehl (Dec 28)
- Re: SnortAV? jrhendri (Dec 28)
- <Possible follow-ups>
- Re: SnortAV? John Hally (Dec 29)
- Re: SnortAV? purplebag (Dec 28)