PaulDotCom mailing list archives

Re: Vulnerability Tracking & Management


From: Josh Little <josh () zombietango com>
Date: Fri, 11 Feb 2011 08:47:30 -0500

Our Qualys install is handled through our offsite datacenter provider for
our major production systems. We tell them when to run the thing and we get
a PDF back. One of my goals for the next quarter is to get a higher level of
control over how that system is run and our relationship with the provider
in general, at least in terms of their hosted toolset.

Our SIEM (LogRhythm) may not accept scan results as it is primarily log
centric. We also have a RedSeal install. That will do about a third of what
I'm looking for since it can import Qualys and Nessus scan results, track
them, and note when any problems have been resolved. But it can't do
anything with the app, db, and manual testing that we do, nor can it report
out and track assignments etc.

I have a feeling I'm going to have to mock something up myself.

ZT
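One shape the "mock something up myself" approach can take, as an added example (not code from the thread or from any of the products named in it): normalize findings from a Nessus v2 export and from manual entries into one record, then diff a fresh import against the previously tracked state so that items no longer reported get marked resolved. The .nessus fragment, the manual CSV layout and the status names are constructed for illustration.

```python
# Added example (not from the thread): normalize Nessus v2 (.nessus) findings
# and hand-entered manual-test items into one record shape, then diff a fresh
# import against the previously tracked state so unreported items resolve.
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample .nessus fragment (v2 schema: ReportHost/ReportItem).
NESSUS_XML = """<NessusClientData_v2><Report name="weekly">
<ReportHost name="10.0.0.5">
 <ReportItem port="22" protocol="tcp" pluginID="10881"
   pluginName="SSH Protocol Versions Supported" severity="2"/>
 <ReportItem port="443" protocol="tcp" pluginID="51192"
   pluginName="SSL Certificate Cannot Be Trusted" severity="2"/>
</ReportHost></Report></NessusClientData_v2>"""

# Constructed manual-testing entries (what a tester would hand-enter).
MANUAL_CSV = ("host,port,id,title,severity\n"
              "intranet.example,443,MAN-7,Stored XSS in comment form,3\n")

def parse_nessus(xml_text):
    """Yield one normalized dict per ReportItem in a .nessus v2 document."""
    root = ET.fromstring(xml_text)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            yield {"source": "nessus", "host": host.get("name"),
                   "port": int(item.get("port")), "id": item.get("pluginID"),
                   "title": item.get("pluginName"),
                   "severity": int(item.get("severity"))}

def parse_manual(csv_text):
    """Yield normalized dicts from a manual-findings CSV (constructed format)."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        yield {"source": "manual", "host": row["host"], "port": int(row["port"]),
               "id": row["id"], "title": row["title"],
               "severity": int(row["severity"])}

def finding_key(f):
    """Identity across runs: same host, port and plugin/manual id."""
    return (f["host"], f["port"], f["id"])

def reconcile(tracked, current):
    """tracked: {key: status} from the last run; current: latest findings.
    Tracked but not re-reported -> resolved; re-reported -> open; unseen -> new."""
    state = {k: "resolved" for k in tracked}
    for f in current:
        k = finding_key(f)
        state[k] = "open" if k in tracked else "new"
    return state
```

The same key function is what lets a Qualys or AppScan parser feed the same `reconcile` step, which is the "glue scripting" the OSSIM discussion further down the thread refers to.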

On Fri, Feb 11, 2011 at 8:19 AM, Mike Patterson <mike () snowcrash ca> wrote:

Interfaces with other service and tracking technologies (I assume you
mean things like Remedy, Request Tracker, etc.) are generally through
SMTP, at least for the commercial VA tools. Some will do SNMP traps,
most have XML type interfaces, so if you want to do some coding, you can
probably make it work.

If you already have the SIEM though, probably the easiest way to
accomplish ticketing type stuff is to push things to your SIEM and have
whatever mechanism you have in place there (you have something in place
there, right?) handle the pushing out to other groups.

You already have Qualys too. Are its reporting functions insufficient,
or are you using it in a more limited fashion?

On 11-02-10 2:44 PM, Josh Little wrote:
We already have a large SIEM implementation in place, so duplicating that
would be a non-starter. I'll keep enVision in the hat for the next time that
a tech refresh comes into play. If it helps, these are the technologies we
are trying to consolidate reporting/tracking for:

Nessus
Qualys
IBM Appscan
DBProtect
WhiteHat Sentinel
Manual Testing

Thanks,
ZT

On Thu, Feb 10, 2011 at 2:22 PM, Butturini, Russell <Russell.Butturini () healthways com> wrote:

This is also something that RSA enVision does (it can even conduct the
assessments for you), but it ain't cheap :-)



*From:* pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] *On Behalf Of* Chesmore, Michael [DAS]
*Sent:* Thursday, February 10, 2011 1:19 PM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] Vulnerability Tracking & Management



I think you are talking about a hybrid SIEM type system.



We looked at OSSIM (Open Source Security Information Manager) a year or so
ago. I had pretty good things to say about it on one hand and some
shortfalls on the other. It is 100% open source, it uses all the standard
"tools" that we have used in security for years so it takes a default NMAP
scan or Nessus scan right into the DB. It has an inventory piece and a
ticketing piece. The challenge is that they want it to be an "all-in-one"
suite of software. So out of the box it works great; if you install their
sensors and their mgmt server it really is slick. For a SMB I would highly
recommend it. Their support is ok through the forums. In my opinion it is
not a large enterprise solution unless you are ready to write some "glue"
scripting to take what you already have in place and format it correctly to
go into OSSIM. We might still go down this route. If you have the
scripting skills (and the time) it could be a really viable alternative.



Mike



*From:* pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] *On Behalf Of* Josh Little
*Sent:* Thursday, February 10, 2011 1:03 PM
*To:* pauldotcom () mail pauldotcom com
*Subject:* [Pauldotcom] Vulnerability Tracking & Management



Hey all. I'm looking for a better way to manage items discovered through
our vulnerability assessments, application reviews, pentests, etc. in a
centralized manner rather than spreadsheets, manual reports, etc. I'd like
such a system to consume exported reports from various different commercial
and open-source scanning technologies as well as manual entries, track the
state of these, and allow me to export data that would go into our metrics
initiative. This would need to work with application, database, and system
vulnerability reports. Not concerned whether it is open source or
commercial.



As a bonus it would be great if it could interface with other service and
issue tracking technologies so that I can push tasks to the appropriate
teams and have it appear in their native operating tool.



Anybody know of such a beast?



ZT




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

