Snort mailing list archives
AW: snort and nessus
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 20 Mar 2002 08:44:26 +0100
I'm also looking for event/alert correlation tools, commercial or - preferably - open source, to include correlation of nessus reports and snort alerts from distributed sensors, but also to be highly adjustable to correlate other logfiles too, e.g. proxy, firewall logs, to get more information even when snort does not have e.g. internal ip# or userids because of proxy-chains.

I found SEC (http://kodu.neti.ee/~risto/sec/) which could solve that problem but not as deep as I would have it. I also made some thoughts on that issue and this tends to be a high quality project which is not that easy to implement as I first thought.

Anyone already thought of that or is implementing such an application?

Ciao,
Sandro

Hi,

Serious question this, very important. I'd like to scan my machines for vulnerabilities with nessus and then automatically make snort only report positive attacks for those particular vulnerabilities. In theory (and I'll take the chance) anything else is a false positive.

Has anyone done this, thought of doing this, tried this? Or any other comments?

Allen Baranov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
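
The filtering asked about in this thread, sketched as an added example (not code from either poster, Snort or Nessus): alerts are joined to scan findings through the CVE ids in each rule's `reference:cve,` option. The pipe-delimited findings format, the rules, the alert lines and the placeholder CVE ids are all constructed for illustration. Alerts are labelled rather than dropped, so rules with no CVE reference and hosts that were never scanned stay visible.

```python
import re

# Constructed sample data; CVE ids are placeholders, sids are in the local range.
RULES = '''
alert tcp any any -> any 80 (msg:"EXAMPLE web overflow"; reference:cve,0000-0001; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"EXAMPLE ftp overflow"; reference:cve,0000-0002; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE policy hit"; sid:1000003; rev:1;)
'''
# Assumed, simplified scanner export: host|port|comma-separated CVE ids.
FINDINGS = '''
192.168.1.10|80/tcp|CVE-0000-0001
192.168.1.20|21/tcp|CVE-0000-0002,CVE-0000-0009
'''
ALERTS = '''
03/20-08:44:26.1  [**] [1:1000001:1] EXAMPLE web overflow [**] {TCP} 10.0.0.5:4000 -> 192.168.1.10:80
03/20-08:44:27.1  [**] [1:1000001:1] EXAMPLE web overflow [**] {TCP} 10.0.0.5:4001 -> 192.168.1.20:80
03/20-08:44:28.1  [**] [1:1000002:1] EXAMPLE ftp overflow [**] {TCP} 10.0.0.5:4002 -> 192.168.1.20:21
03/20-08:44:29.1  [**] [1:1000003:1] EXAMPLE policy hit [**] {TCP} 10.0.0.5:4003 -> 192.168.1.10:80
03/20-08:44:30.1  [**] [1:1000002:1] EXAMPLE ftp overflow [**] {TCP} 10.0.0.5:4004 -> 192.168.1.99:21
'''
ALERT_RE = re.compile(r"\[\d+:(\d+):\d+\].*-> (\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$")

def sid_to_cves(rules):
    """Map each rule's sid to the set of CVE ids in its reference options."""
    out = {}
    for line in rules.splitlines():
        sid = re.search(r"\bsid:\s*(\d+)", line)
        if sid:
            refs = re.findall(r"reference:\s*cve,\s*([\d-]+)", line)
            out[int(sid.group(1))] = {"CVE-" + r for r in refs}
    return out

def host_cves(findings):
    """Map each scanned host to the CVE ids the scanner reported for it."""
    out = {}
    for line in findings.split():
        host, _port, cves = line.split("|")
        out.setdefault(host, set()).update(cves.split(","))
    return out

def triage(alerts, rules=RULES, findings=FINDINGS):
    """Return (sid, dst, label) for every alert line that parses."""
    sids, hosts = sid_to_cves(rules), host_cves(findings)
    result = []
    for m in filter(None, map(ALERT_RE.search, alerts.strip().splitlines())):
        sid, dst = int(m.group(1)), m.group(2)
        cves = sids.get(sid, set())
        label = ("unmapped" if not cves else "unscanned" if dst not in hosts
                 else "confirmed" if cves & hosts[dst] else "not-vulnerable")
        result.append((sid, dst, label))
    return result
```

Only the "not-vulnerable" label corresponds to the alerts the question proposes to discard; "unmapped" and "unscanned" alerts have no scan evidence either way.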