IDS mailing list archives

Re: Snort and Nessus Signature


From: Jason <security () brvenik com>
Date: Fri, 16 Sep 2005 22:13:23 -0400

bmc created a perl script to do this back in 2002. The script is called honeysuckle and can be found here

http://www.shmoo.com/~bmc/software/honeysuckle

#!/usr/bin/perl
# honeysuckle - Vulnerability Correlation with snort & nessus
#
# Copyright (C) 2002 Brian Caswell <bmc () snort org>
#
# "Any sufficiently advanced technology is indistinguishable from a simple perl
# script"
#
# honeysuckle is an implementation of IDS alert & vulnerability correlation based
# on snort alerts & nessus scan. We modify our priority in an attempt to get our
# monitor jockeys to focus on the really important stuff.
#
# I don't know about you, but when someone is shooting bullets at me, I
# would like to know they are shooting at me, even if they miss.
#
# (If you want to be dumb, err... ignore attacks that "you are not vulnerable
# to" move the print line to be inside of the last if statement)
#
# This code uses Nessus reports and snort's sig-msg.map to handle mappings
# via CVE maps.  We take CSV input of the following format:
#    srcip,dstip,priority,event

...

cruxiezzzzz () yahoo com wrote:
Hi All,

I am doing some research into integrating Snort and Nessus together. Just wondering if there are any Snort or Nessus experts out there who can tell me if they are using the same tables for their signatures? Because I understand that they both use the CVE and BID tracking. Not too sure about the way their signatures are stored, though. It would be great if anyone out there can shed some light on this.

Thanks a lot,
Crux
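
The correlation that the honeysuckle header describes, as an added Python example (not bmc's Perl script and not code from this post): every alert in the srcip,dstip,priority,event format is passed through, and the priority is raised only when the destination host has a scanner finding for a CVE that the signature references. The `sid || msg || reference` map layout follows Snort's sid-msg.map; the host,CVE findings list, the choice to match on the alert message in the event field, the raised priority of 1 and all sample data are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from the original post or from honeysuckle).
SID_MSG_MAP = """\
1000001 || EXAMPLE web overflow attempt || bugtraq,99999 || cve,CAN-2002-9001
1000002 || EXAMPLE probe, no CVE reference || url,example.invalid
"""
# Assumption: host,CVE pairs already extracted from a Nessus report.
NESSUS_FINDINGS = """\
10.0.0.5,CVE-2002-9001
10.0.0.9,CVE-2002-9002
"""
# Input format named in the script header: srcip,dstip,priority,event
ALERTS = """\
192.0.2.7,10.0.0.5,3,EXAMPLE web overflow attempt
192.0.2.7,10.0.0.9,3,EXAMPLE web overflow attempt
192.0.2.8,10.0.0.5,2,EXAMPLE probe, no CVE reference
"""
CVE_RE = re.compile(r"\d{4}-\d{4,}")  # 'cve,CAN-2002-9001' and 'CVE-2002-9001' -> '2002-9001'

def load_sig_cves(text):
    """Map alert message -> set of CVE ids referenced by that signature."""
    table = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and not line.lstrip().startswith("#"):
            table[fields[1]] = {c for f in fields[2:] if f.lower().startswith("cve,")
                                for c in CVE_RE.findall(f)}
    return table

def load_host_cves(text):
    """Map host -> set of CVE ids the scanner reported for it."""
    hosts = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        host, cve = line.split(",", 1)
        hosts.setdefault(host, set()).update(CVE_RE.findall(cve))
    return hosts

def correlate(alerts, sig_cves, host_cves, raised=1):
    """Return every alert; raise priority only when dstip has a matching CVE."""
    out = []
    for line in filter(None, map(str.strip, alerts.splitlines())):
        src, dst, prio, event = line.split(",", 3)  # event text may contain commas
        hit = sig_cves.get(event, set()) & host_cves.get(dst, set())
        out.append((src, dst, raised if hit else int(prio), event))
    return out

if __name__ == "__main__":
    print(*correlate(ALERTS, load_sig_cves(SID_MSG_MAP), load_host_cves(NESSUS_FINDINGS)), sep="\n")
```

Alerts against hosts with no matching finding keep their original priority rather than being dropped, which is the behaviour the script's header comments argue for.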
