IDS mailing list archives
Re: Vulnerability and IDS
From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Tue, 30 Dec 2003 17:43:29 +0100 (CET)
On Mon, 29 Dec 2003, Kal wrote:
Hello Listees,
Hi,
Are there any products that support matching IDS alerts to Vulnerability scanner results?
Prelude's (www.prelude-ids.org) frontend ships with a Perl script, nsr2flt.pl which takes output of the Nessus scanner and converts it to a filter that can be applied to the alert database to see alerts relevant to a given service. There's also a set of stand-alone scripts doing the same thing available at: http://www.rstack.org/oudot/prelude/correlation/ Unfortunately I am unable to authoritatively comment on details of these solutions, but I'm sure that a question sent to prelude-user mailing list will give you a competent answer. :-) [Standard disclaimer: I may be biased because of personal involvement in the Prelude project.] // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl // http://mops.uci.agh.edu.pl/~kzaraska/ * http://www.prelude-ids.org/ // A dream will always triumph over reality, once it is given the chance. // -- Stanislaw Lem --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Vulnerability and IDS Kal (Dec 29)
- Re: Vulnerability and IDS Ron Gula (Dec 29)
- Re: Vulnerability and IDS Mike Lyman (Dec 29)
- Re: Vulnerability and IDS Krzysztof Zaraska (Dec 30)
- <Possible follow-ups>
- RE: Vulnerability and IDS Teicher, Mark (Mark) (Dec 29)
- Re: Vulnerability and IDS Chris Kirschke (Dec 30)