Snort mailing list archives
BASE and Bigfix part 2
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 28 Sep 2010 10:42:17 -0600
I don't know if anybody is interested or not, but I finished the second (and probably last) part of integrating Bigfix with BASE.

In the Unique IP Links (I chose this screen because I tend to use it to view the alerts, and I didn't want to bog things down when viewing a screen full of alerts), the fully qualified domain name is displayed in a red font if the CVE from the alert matches a CVE of a vulnerability that exists on the computer as reported by Bigfix. This gives a quick visual indication for false positives (for me).

Now, I'd like to see the CVE tag used in the Emerging Threats rules where/if applicable, and some sort of integration with my Nessus scan results (although these are only done quarterly so have less relevance than the Bigfix results, which are practically real-time.)

Anyway, my hat's off to Kevin Johnson and the BASE team for doing BASE in the first place and making the BASE code so easy to hack on. And of course the Bigfix folks, whose product is five kinds of awesome.

-- Shawn
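The CVE matching described in the message above, sketched in Python as an added example; it is not part of the original post and is not BASE or Bigfix code. It assumes the host vulnerability data is available as a mapping from IP address to CVE ids and that the alert's destination address is the host to check; the rules, addresses and CVE ids are constructed placeholders.

```python
import re

# Snort rules carry CVE ids as "reference:cve,<id>;" options. The id may be
# written bare or with a "CVE-" / retired "CAN-" prefix, so normalise it.
CVE_REF = re.compile(
    r"reference\s*:\s*cve\s*,\s*(?:(?:CVE|CAN)-)?(\d{4}-\d{4,})\s*;", re.I)

def rule_cves(rule_text):
    """Return the set of normalised CVE ids referenced by one rule."""
    return {"CVE-" + ref for ref in CVE_REF.findall(rule_text)}

def flag_alerts(alerts, rules, host_vulns):
    """Return (alert, matched_cves) pairs. matched_cves is empty when the rule
    has no CVE reference, the host is unknown, or no rule CVE is on the host."""
    flagged = []
    for alert in alerts:
        cves = rule_cves(rules.get(alert["sid"], ""))
        on_host = host_vulns.get(alert["dst"], set())
        flagged.append((alert, sorted(cves & on_host)))
    return flagged

# Constructed rules; the CVE ids are placeholders, not real entries.
RULES = {
    1000001: 'alert tcp any any -> $HOME_NET 445 (msg:"constructed rule A"; '
             'reference:cve,1900-0001; reference:url,example.invalid/a; '
             'sid:1000001; rev:1;)',
    1000002: 'alert tcp any any -> $HOME_NET 80 (msg:"constructed rule B"; '
             'reference:cve,CAN-1900-0002; sid:1000002; rev:1;)',
    1000003: 'alert icmp any any -> $HOME_NET any (msg:"constructed rule C, '
             'no CVE"; sid:1000003; rev:1;)',
}
# Assumed shape of the inventory export: IP address -> CVE ids on that host.
HOST_VULNS = {
    "192.0.2.10": {"CVE-1900-0001", "CVE-1900-0003"},
    "192.0.2.20": {"CVE-1900-0002"},
}
ALERTS = [
    {"sid": 1000001, "dst": "192.0.2.10"},  # rule CVE present on host
    {"sid": 1000001, "dst": "192.0.2.20"},  # host lacks the rule's CVE
    {"sid": 1000002, "dst": "192.0.2.20"},  # legacy CAN- prefix still matches
    {"sid": 1000003, "dst": "192.0.2.10"},  # rule carries no CVE reference
    {"sid": 1000001, "dst": "192.0.2.99"},  # host not in the inventory
]

if __name__ == "__main__":
    for alert, matched in flag_alerts(ALERTS, RULES, HOST_VULNS):
        mark = "HIGHLIGHT" if matched else "plain"
        print(alert["dst"], alert["sid"], mark, ",".join(matched))
```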