Snort mailing list archives

AW: snort and nessus


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 20 Mar 2002 08:44:26 +0100

I'm also looking for event/alert correlation tools, commercial or -
preferably - open source, to include correlation of nessus reports and snort
alerts from distributed sensors but also to be highly adjustable to
correlate other logfiles too, e.g. proxy, firewall logs, to get more
information even when snort does not have e.g. internal ip# or userids
because of proxy-chains.

I found SEC (http://kodu.neti.ee/~risto/sec/) which could solve that problem
but not as deep as I would have it.

I also made some thoughts on that issue and this tends to be a high quality
project which is not that easy to implement as I first thought.

Anyone already thought of that or is implementing such an application?

Ciao,
Sandro

Hi,

Serious question this, very important.

I'd like to scan my machines for vulnerabilities with nessus and then
automatically make snort only report positive attacks for those particular
vulnerabilities. In theory (and I'll take the chance) anything else is a
false positive.

Has anyone done this, thought of doing this, tried this?

Or any other comments?

Allen Baranov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
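
One way to do the correlation asked about in this thread, as an added example that is not from either poster or from the Snort or Nessus projects: join scanner findings to alerts through the CVE listed in each rule's `reference` option. All sample data is constructed, the `host|port|cve` findings layout is an assumed export rather than a real Nessus format, and the function names are hypothetical.

```python
import re

# Constructed sample data: sids, addresses and CVE ids are placeholders. FINDINGS is
# an assumed host|port|cve export; ALERTS follows Snort's "fast" alert layout.
RULES = """\
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE web overflow"; reference:cve,0000-0001; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"EXAMPLE ftp overflow"; reference:cve,0000-0002; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; sid:1000003; rev:1;)
"""
FINDINGS = """\
192.0.2.10|80|CVE-0000-0001
192.0.2.20|21|CVE-0000-0002
"""
ALERTS = """\
03/20-08:44:26.000001  [**] [1:1000001:1] EXAMPLE web overflow [**] [Priority: 1] {TCP} 198.51.100.7:4312 -> 192.0.2.10:80
03/20-08:44:27.000001  [**] [1:1000001:1] EXAMPLE web overflow [**] [Priority: 1] {TCP} 198.51.100.7:4313 -> 192.0.2.20:80
03/20-08:44:28.000001  [**] [1:1000002:1] EXAMPLE ftp overflow [**] [Priority: 1] {TCP} 198.51.100.7:4314 -> 192.0.2.20:21
03/20-08:44:29.000001  [**] [1:1000003:1] EXAMPLE web probe [**] [Priority: 2] {TCP} 198.51.100.7:4315 -> 192.0.2.10:80
"""

def norm_cve(text):
    """Reduce 'CVE-0000-0001', 'CAN-0000-0001' or '0000-0001' to one form."""
    return re.sub(r"^(CVE|CAN)-", "", text.strip().upper())

def sid_to_cves(rules):
    """Map each rule's sid to the set of CVE ids in its reference options."""
    table = {}
    for line in rules.splitlines():
        sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
        if sid:
            refs = re.findall(r"reference:\s*cve,\s*([^;]+);", line, re.I)
            table[int(sid.group(1))] = {norm_cve(r) for r in refs}
    return table

def host_cves(findings):
    """Collect the (host, cve) pairs the scanner reported as present."""
    rows = (l.split("|") for l in findings.splitlines() if l.strip())
    return {(host, norm_cve(cve)) for host, _port, cve in rows}

def triage(alerts, rules, findings):
    """Label each alert: confirmed, not-vulnerable, or unmapped (no CVE to check)."""
    sids, vulns, out = sid_to_cves(rules), host_cves(findings), []
    for m in re.finditer(r"\[\d+:(\d+):\d+\].*?-> ([\d.]+)", alerts):
        sid, dst = int(m.group(1)), m.group(2)
        cves = sids.get(sid, set())
        verdict = ("unmapped" if not cves else
                   "confirmed" if any((dst, c) in vulns for c in cves) else
                   "not-vulnerable")
        out.append((sid, dst, verdict))
    return out
```

Alerts from rules that carry no CVE reference come back as `unmapped`, because the scan results say nothing about them either way.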