Snort mailing list archives
Re: Rapid7 and Snort....Good Things from this I think
From: Martin Holste <mcholste () gmail com>
Date: Mon, 11 Apr 2011 11:34:41 -0500
> I guess it would enhance RNA? There is only so much you can detect sniffing traffic passively. If you can import credentialed vuln information, your RNA recommended rules would be pretty tight.
All very true, though this only applies to the signatures which detect exploits on the wire. (If Snort rules which look for exploitation were tagged "exploit," then it would be easy to find out how many rules could be automatically tuned out by knowing to which exploits you're vulnerable.) As it stands, it would be somewhat tricky to definitively identify all such rules, though grepping for "exploit" would probably get you a ballpark figure as to the CPU savings the coupling could provide.

I should also point out that one would be putting a lot of faith in any company, Rapid7 included, to be accurate in their testing enough to confidently stop looking for exploits on the wire. If the Rapid7 check failed to detect an existing vulnerability through either the test or result administration, then if you either disabled the corresponding exploit rule or disregarded an uncorrelated alert, you would fail to act on a successful exploit.

Caveats aside, it's definitely a nice addition.
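The ballpark estimate described in the message above, as an added example that is not part of the original post: it buckets active rules whose msg contains "exploit" by whether scanner results can say anything about them. The rules, SIDs, CVE ids and the shape of the scanner output (a plain set of CVE ids) are all constructed assumptions.

```python
import re

# Constructed sample rules: local SIDs and placeholder CVE ids, not from a real rule set.
RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXPLOIT constructed SMB overflow attempt"; reference:cve,0000-0001; classtype:attempted-admin; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC constructed exploit attempt"; reference:cve,0000-0002; reference:cve,0000-0003; classtype:web-application-attack; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXPLOIT constructed FTP overflow"; classtype:attempted-admin; sid:1000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"POLICY constructed IRC connection"; classtype:policy-violation; sid:1000004; rev:1;)
# alert tcp any any -> any any (msg:"EXPLOIT disabled rule"; reference:cve,0000-0001; sid:1000005; rev:1;)
'''

MSG = re.compile(r'msg:\s*"([^"]*)"')
SID = re.compile(r'\bsid:\s*(\d+)')
CVE = re.compile(r'reference:\s*cve,\s*([\w-]+)', re.I)

def norm(cve):
    """Normalise 'CVE-0000-0001' and '0000-0001' to the same key."""
    return re.sub(r'^CVE-', '', cve.strip().upper())

def triage(rules_text, scanner_cves):
    """Bucket active rules by whether scan data can say anything about them."""
    vulnerable = {norm(c) for c in scanner_cves}
    buckets = {"keep": [], "candidate": [], "uncorrelated": [], "other": []}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # blank line or disabled rule
            continue
        msg, sid = MSG.search(line), SID.search(line)
        if not msg or not sid:
            continue
        cves = {norm(c) for c in CVE.findall(line)}
        if "exploit" not in msg.group(1).lower():
            name = "other"            # the grep would not match this rule
        elif not cves:
            name = "uncorrelated"     # no CVE reference, scan data cannot decide
        elif cves & vulnerable:
            name = "keep"             # scanner reports a referenced CVE as present
        else:
            name = "candidate"        # tunable only if the scan result is trusted
        buckets[name].append(int(sid.group(1)))
    return buckets

if __name__ == "__main__":
    b = triage(RULES, {"CVE-0000-0002"})   # constructed scan result
    total = sum(len(v) for v in b.values())
    print(b, f"{len(b['candidate'])}/{total} active rules are tuning candidates")
```

The "uncorrelated" bucket is the part a plain grep hides: rules that look like exploit signatures but carry no CVE reference to match against scan results.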