IDS mailing list archives

Re: Vulnerability and IDS


From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Tue, 30 Dec 2003 17:43:29 +0100 (CET)

On Mon, 29 Dec 2003, Kal wrote:

> Hello Listees,

Hi,

> Are there any products that support matching IDS alerts to
> Vulnerability scanner results?

Prelude's (www.prelude-ids.org) frontend ships with a Perl script,
nsr2flt.pl, which takes output of the Nessus scanner and converts it to a
filter that can be applied to the alert database to see alerts relevant to
a given service.

There's also a set of stand-alone scripts doing the same thing available
at: http://www.rstack.org/oudot/prelude/correlation/

Unfortunately I am unable to authoritatively comment on details of these
solutions, but I'm sure that a question sent to the prelude-user mailing list
will give you a competent answer. :-)

[Standard disclaimer: I may be biased because of personal involvement in
the Prelude project.]

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// http://mops.uci.agh.edu.pl/~kzaraska/ * http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//              -- Stanislaw Lem
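
The correlation idea discussed in this message, as an added example that is not part of the original post and is not the code of nsr2flt.pl or the rstack scripts: scanner findings are keyed by host and service, and only alerts aimed at a service with a finding are kept. It assumes the pipe-delimited NSR layout `host|service (port/proto)|plugin id|severity|text`; the sample data, plugin ids and alert field names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the pipe-delimited Nessus NSR layout (assumed):
# host|service (port/proto)|plugin id|severity|description
NSR_SAMPLE = """\
10.0.0.5|http (80/tcp)
10.0.0.5|http (80/tcp)|90001|Security Hole|Constructed finding: outdated web server
10.0.0.5|ssh (22/tcp)|90002|Security Note|Constructed finding: SSH banner
10.0.0.7|smtp (25/tcp)|90003|Security Warning|Constructed finding: open relay
"""

# Constructed alerts; field names are hypothetical, not Prelude's schema.
ALERTS = [
    {"id": 1, "dst": "10.0.0.5", "port": 80, "proto": "tcp", "sig": "web attack"},
    {"id": 2, "dst": "10.0.0.5", "port": 443, "proto": "tcp", "sig": "web attack"},
    {"id": 3, "dst": "10.0.0.7", "port": 25, "proto": "tcp", "sig": "smtp probe"},
    {"id": 4, "dst": "10.0.0.9", "port": 80, "proto": "tcp", "sig": "web attack"},
]

SERVICE_RE = re.compile(r"^(?P<name>.+?)\s*\((?P<port>\d+)/(?P<proto>\w+)\)$")

def parse_nsr(text):
    """Map (host, port, proto) -> list of (plugin_id, severity) findings."""
    findings = defaultdict(list)
    for line in text.splitlines():
        parts = line.strip().split("|", 4)
        if len(parts) < 4:          # open-port-only or malformed line: no finding
            continue
        m = SERVICE_RE.match(parts[1])
        if not m:                   # e.g. "general/tcp" carries no port number
            continue
        key = (parts[0], int(m["port"]), m["proto"].lower())
        findings[key].append((parts[2], parts[3]))
    return dict(findings)

def relevant_alerts(alerts, findings, severity=None):
    """Return alerts whose target service has a finding (optionally of one severity)."""
    out = []
    for a in alerts:
        hits = findings.get((a["dst"], a["port"], a["proto"].lower()), [])
        if severity:
            hits = [h for h in hits if h[1] == severity]
        if hits:
            out.append({**a, "findings": hits})
    return out

if __name__ == "__main__":
    for a in relevant_alerts(ALERTS, parse_nsr(NSR_SAMPLE)):
        print(a["id"], a["dst"], a["port"], a["findings"])
```

Alerts against hosts or ports the scanner never reported on are dropped from the filtered view, so it is only as current as the last scan.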



