AW: [Snort-users] snort and nessus

Poppi, Sandro Sandro.Poppi at ...3316...
Tue Mar 19 23:45:07 EST 2002


I'm also looking for event/alert correlation tools, commercial or -
preferably - open source, to include correlation of nessus reports and snort
alerts from distributed sensors but also to be highly adjustable to
correlate other logfiles too, e.g. proxy, firewall logs, to get more
information even when snort does not have e.g. internal ip# or userids
because of proxy-chains.

I found SEC (http://kodu.neti.ee/~risto/sec/) which could solve that problem
but not as deep as I would have it.

I have also given that issue some thought, and this tends to be a high-quality
project which is not as easy to implement as I first thought.

Has anyone already thought of that, or is anyone implementing such an application?

Ciao,
Sandro

> Hi,
> 
> Serious question this, very important.
> 
> I'd like to scan my machines for vulnerabilities with nessus and then
> automatically make snort only report positive attacks for those particular
> vulnerabilities. In theory (and I'll take the chance) anything else is a
> false positive.
> 
> Has anyone done this, thought of doing this, tried this?
> 
> Or any other comments?
> 
> Allen Baranov
> 
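
The correlation discussed in this thread, as an added example that is not part of the original posts and is not code from Snort, Nessus or SEC: each alert is matched against scan findings through the CVE reference on the rule that fired, and alerts whose rule carries no CVE reference are kept in a separate bucket because they cannot be matched. Assumptions: the scan report has already been reduced to `host|port|cve` lines (a hypothetical intermediate format), and all rules, alerts, addresses, SIDs and CVE ids below are constructed placeholders.

```python
import re
# Constructed sample data: CVE ids are placeholders, SIDs are in the local range.
RULES = """\
alert tcp any any -> any 80 (msg:"EXAMPLE web A"; content:"/a"; reference:cve,CVE-0000-0001; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"EXAMPLE ftp B"; content:"B"; reference:cve,CAN-0000-0002; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE policy C"; content:"/c"; sid:1000003; rev:1;)
"""
# Assumed intermediate format: scanner report reduced to host|port|cve lines.
FINDINGS = """\
192.0.2.10|80|CVE-0000-0001
192.0.2.20|21|CVE-0000-0002
"""
# Constructed alerts in the layout of Snort's "fast" alert output.
ALERTS = """\
03/19-23:45:07.000001 [**] [1:1000001:1] EXAMPLE web A [**] [Priority: 1] {TCP} 198.51.100.7:4001 -> 192.0.2.10:80
03/19-23:45:08.000002 [**] [1:1000001:1] EXAMPLE web A [**] [Priority: 1] {TCP} 198.51.100.7:4002 -> 192.0.2.20:80
03/19-23:45:09.000003 [**] [1:1000002:1] EXAMPLE ftp B [**] [Priority: 1] {TCP} 198.51.100.7:4003 -> 192.0.2.20:21
03/19-23:45:10.000004 [**] [1:1000003:1] EXAMPLE policy C [**] [Priority: 2] {TCP} 198.51.100.7:4004 -> 192.0.2.10:80
"""

CVE_REF = re.compile(r"reference:\s*cve\s*,\s*(?:(?:CVE|CAN)-)?(\d{4}-\d+)", re.I)
SID = re.compile(r"\bsid:\s*(\d+)")
ALERT = re.compile(r"\[\d+:(\d+):\d+\].*\{\w+\}\s+\S+\s+->\s+([\d.]+):(\d+)")

def sid_to_cves(rules):
    """Map each rule's sid to the CVE numbers (prefix stripped) it references."""
    return {int(SID.search(l).group(1)): set(CVE_REF.findall(l))
            for l in rules.splitlines() if SID.search(l)}

def load_findings(text):
    """Return {(host, port, cve)} for every hole the scan reported."""
    rows = (l.split("|") for l in text.splitlines() if l.strip())
    return {(h, int(p), re.sub(r"^(?:CVE|CAN)-", "", c.strip(), flags=re.I)) for h, p, c in rows}

def triage(alerts, rule_cves, vulns):
    """Label each alert as confirmed, not-vulnerable or uncorrelated."""
    out = []
    for m in ALERT.finditer(alerts):
        sid, dst, dport = int(m.group(1)), m.group(2), int(m.group(3))
        cves = rule_cves.get(sid, set())
        if not cves:
            verdict = "uncorrelated"    # rule has no CVE reference to match on
        elif any((dst, dport, c) in vulns for c in cves):
            verdict = "confirmed"       # scan found this hole on the target
        else:
            verdict = "not-vulnerable"  # scan did not find it on that host and port
        out.append((verdict, sid, dst, dport))
    return out

print(triage(ALERTS, sid_to_cves(RULES), load_findings(FINDINGS)))
```

The result is only as current as the last scan, so a host changed since then can be labelled not-vulnerable incorrectly.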



