IDS mailing list archives

Re: Vulnerability and IDS

From: "Chris Kirschke" <durnie () hushmail com>
Date: Tue, 30 Dec 2003 11:49:36 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Take a long hard look at the Lightning product from Tenable Security...
I'm currently trying to integrate it with Guarded Net's NeuSecure product,
 details to follow...

durnie

On Tue, 30 Dec 2003 08:43:29 -0800 Krzysztof Zaraska <kzaraska () student uci agh edu pl>
wrote:

On Mon, 29 Dec 2003, Kal wrote:

Hello Listees,

Hi,

Are there any products that support matching IDS alerts to
Vulnerability scanner results?


Prelude's (www.prelude-ids.org) frontend ships with a Perl script,

nsr2flt.pl which takes output of the Nessus scanner and converts
it to a
filter that can be applied to the alert database to see alerts relevant
to
a given service.

There's also a set of stand-alone scripts doing the same thing available
at: http://www.rstack.org/oudot/prelude/correlation/

Unfortunately I am unable to authoritatively comment on details
of these
solutions, but I'm sure that a question sent to prelude-user mailing
list
will give you a competent answer. :-)

[Standard disclaimer: I may be biased because of personal involvement
in
the Prelude project.]

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// http://mops.uci.agh.edu.pl/~kzaraska/ * http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the
chance.
//             -- Stanislaw Lem




----------------------------------------------------------------
-----------
----------------------------------------------------------------
-----------

Current thread:

Vulnerability and IDS Kal (Dec 29)
- Re: Vulnerability and IDS Ron Gula (Dec 29)
- Re: Vulnerability and IDS Mike Lyman (Dec 29)
- Re: Vulnerability and IDS Krzysztof Zaraska (Dec 30)
- <Possible follow-ups>
- RE: Vulnerability and IDS Teicher, Mark (Mark) (Dec 29)
- Re: Vulnerability and IDS Chris Kirschke (Dec 30)