Re: Rapid7 and Snort....Good Things from this I think

[Joel Esler <jesler () sourcefire com>]

Yes, exactly.  Thanks Jason.

Joel

On Apr 11, 2011, at 1:07 PM, Jason Brvenik wrote:

> You talking about SourcefireNation?
>
> https://community.sourcefire.com/ is live and readily available.
>
> The integration stuff is in downloads -
> https://community.sourcefire.com/downloads
>
> On Mon, Apr 11, 2011 at 12:53 PM, Joel Esler <jesler () sourcefire com> wrote:
> > We integrate with a bunch of things.  Rapid7, Qualys, Nessus, Nmap, etc.  More and more coming all the time.  We 
> > have a website dedicated to just these types of tools that integrate with the Sourcefire Defense Center, not sure 
> > when that'll be announced (or if it was, did I miss it?)
> >
> > Joel
> >
> > On Apr 11, 2011, at 12:42 PM, Jason Wallace wrote:
> >
> > > Enhancing RNA rule recommendations and having host vulnerability data
> > > readily available are both great, but the biggest thing this adds is
> > > the effect on the impact flag for an alert.
> > >
> > > When your IPS console knows that host x.x.x.x is vulnerable to
> > > MSYY-xxxx or CVE-YYYY-xxxx and one of your sensors triggers an alert
> > > for a rule designed to detect that specific threat, then the console
> > > can correlate that data to increase the priority (impact) of that
> > > alert.
> > >
> > > This allows an analyst to identify alerts that should be examined
> > > immediately. It can also provides more assurance regrading
> > > implementing certain types of automated responses like firewall shuns
> > > or null routes on routers.
> > >
> > > Sourcefire systems also integrate with Qualys data and a number of
> > > SIEM solutions such as QRadar. QRadar also integrates with a number of
> > > vulnerability scanners too. When your IPS, vulnerability management
> > > tool, and SIEM all work together the result if friggen' awesome...
> > >
> > > Thx,
> > > Wally
> > >
> > >
> > >
> > > On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa () gmail com> wrote:
> > > > i guess it would enhance RNA? There is only so much you can detect
> > > > sniffing traffic passively. If you can import credentialed vuln
> > > > information, your RNA recommended rules would be pretty tight.
> > > >
> > > >
> > > >
> > > > On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
> > > > <michael.lubinski () gmail com> wrote:
> > > > > To trim off the fat, what will importing a NeXpose scan into the 3D system
> > > > > accomplish. I guess I'm just not familiar enough with the system in general
> > > > > to make the connection here. If anyone could clue me in a bit, even
> > > > > off-list, that would be awesome. Thanks!
> > > > >
> > > > >
> > > > > On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
> > > > > <Nathan-Gibson () ouhsc edu> wrote:
> > > > > > http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > GIBBY
> > > > > > _____________________________
> > > > > >
> > > > > > Nathan J. Gibson, MsIA, CISSP, CISM,CCNA, MCSA
> > > > > > IT Architect
> > > > > > Infrastructure Services
> > > > > > The University of Oklahoma HSC
> > > > > >
> > > > > > voice: 405.271.2644 x50340
> > > > > > fax:    405.271.2181
> > > > > >
> > > > > > Feedback?  Email comments to Chris Hodges
> > > > > >
> > > > > > --------------------------
> > > > > > CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may
> > > > > > contain confidential and privileged information for the use of the
> > > > > > designated recipients named above. If you are not the intended recipient,
> > > > > > you are hereby notified that you have received this communication in error
> > > > > > and that any review, disclosure, dissemination, distribution or copying of
> > > > > > it or its contents is prohibited. If you have received this communication in
> > > > > > error, please destroy all copies of this communication and any attachments.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > ------------------------------------------------------------------------------
> > > > > > Xperia(TM) PLAY
> > > > > > It's a major breakthrough. An authentic gaming
> > > > > > smartphone on the nation's most reliable network.
> > > > > > And it wants your games.
> > > > > > http://p.sf.net/sfu/verizon-sfdev
> > > > > > _______________________________________________
> > > > > > Snort-users mailing list
> > > > > > Snort-users () lists sourceforge net
> > > > > > Go to this URL to change user options or unsubscribe:
> > > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > > Snort-users list archive:
> > > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > >
> > > > >
> > > > > ------------------------------------------------------------------------------
> > > > > Xperia(TM) PLAY
> > > > > It's a major breakthrough. An authentic gaming
> > > > > smartphone on the nation's most reliable network.
> > > > > And it wants your games.
> > > > > http://p.sf.net/sfu/verizon-sfdev
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users () lists sourceforge net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > > > ------------------------------------------------------------------------------
> > > > Xperia(TM) PLAY
> > > > It's a major breakthrough. An authentic gaming
> > > > smartphone on the nation's most reliable network.
> > > > And it wants your games.
> > > > http://p.sf.net/sfu/verizon-sfdev
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users () lists sourceforge net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > ------------------------------------------------------------------------------
> > > Xperia(TM) PLAY
> > > It's a major breakthrough. An authentic gaming
> > > smartphone on the nation's most reliable network.
> > > And it wants your games.
> > > http://p.sf.net/sfu/verizon-sfdev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> > ------------------------------------------------------------------------------
> > Xperia(TM) PLAY
> > It's a major breakthrough. An authentic gaming
> > smartphone on the nation's most reliable network.
> > And it wants your games.
> > http://p.sf.net/sfu/verizon-sfdev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -- 
> Regards,
>
> Jason.


------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users