[Snort-users] Threat Management

Hicks, John JHicks at ...5857...
Wed Aug 7 10:27:03 EDT 2002


An excellent paper indeed. I've been thinking about this concept for a while
now. My initial thought was a simple Perl-based system that would correlate
entries from Snort with a saved, recent copy of a Nessus scan to provide
more intelligent alerting according to what ports and services are
registered.

Despite how you do it, I think that the Asset DB alone would increase IDS
effectiveness ten-fold. The current issues I see around here don't have to
do with tuning rulesets to what's on the network, they have to do with the fact
that idiot contractor #10 brought his system in and it has X services
running that weren't on my network 24 hours ago.

cheers,
John Hicks

-----Original Message-----
From: Steve Scott [mailto:sjscott007 at ...741...]
Sent: Monday, August 05, 2002 9:59 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Threat Management


I recently finished a paper on the Threat Management space and would
like to share my findings with others.  We are currently in the process
of evaluating solutions in this space.  While it's not 100 percent
complete it will provide an understanding of the concept.  As I progress
with the project I will continue to expand the paper. 

You can find it here:  http://home.earthlink.net/~sjscott007/

Regards,

Steve
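
The correlation described in the reply above, as an added example that is not code from the thread, the paper, Snort or Nessus: alerts are matched against an asset DB built from a recent scan, and services absent from the previous scan are flagged. It is written in Python rather than Perl; the function names, the simplified scan listing and all sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample data, not from the thread. Scan results are reduced to
# "host port/proto service" lines (a simplification, not a Nessus format);
# the Snort "fast" alert lines use made-up local SIDs and messages.
BASELINE_SCAN = """\
192.168.1.10 80/tcp http
192.168.1.20 25/tcp smtp
"""
CURRENT_SCAN = BASELINE_SCAN + "192.168.1.77 21/tcp ftp\n"
ALERTS = """\
08/07-10:12:01.120000  [**] [1:1000001:1] EXAMPLE web request [**] [Priority: 1] {TCP} 203.0.113.5:3421 -> 192.168.1.10:80
08/07-10:12:09.450000  [**] [1:1000001:1] EXAMPLE web request [**] [Priority: 1] {TCP} 203.0.113.5:3422 -> 192.168.1.20:80
08/07-10:13:30.000000  [**] [1:1000002:1] EXAMPLE ftp login [**] [Priority: 2] {TCP} 203.0.113.9:1044 -> 192.168.1.77:21
08/07-10:14:02.000000  [**] [1:1000001:1] EXAMPLE web request [**] [Priority: 1] {TCP} 203.0.113.5:3500 -> 192.168.1.99:80
"""
ALERT_RE = re.compile(r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\].*"
                      r"\{(?P<proto>\w+)\} \S+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def load_assets(scan_text):
    """Build the asset DB: {(host, port, proto): service name}."""
    assets = {}
    for line in scan_text.splitlines():
        host, portproto, service = line.split()
        port, proto = portproto.split("/")
        assets[(host, int(port), proto)] = service
    return assets

def new_services(baseline, current):
    """Services in the current scan that the baseline scan did not have."""
    return sorted(set(current) - set(baseline))

def triage(alert_text, baseline, current):
    """Tag each alert by what the asset DB says about its destination."""
    hosts = {host for host, _, _ in current}
    results = []
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # lines without a destination port (e.g. ICMP) are skipped
        key = (m["dst"], int(m["dport"]), m["proto"].lower())
        if key in current:
            verdict = "new-service" if key not in baseline else "listening"
        else:
            verdict = "port-closed" if m["dst"] in hosts else "unknown-host"
        results.append((m["sid"], key[0], key[1], verdict))
    return results

if __name__ == "__main__":
    base, cur = load_assets(BASELINE_SCAN), load_assets(CURRENT_SCAN)
    print(new_services(base, cur), *triage(ALERTS, base, cur), sep="\n")
```

The "new-service" and "unknown-host" verdicts cover the case raised in the reply, where a system appears on the network with services that were not there at the previous scan.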




