[Snort-users] BASE and Bigfix part 2
Shawn.Jefferson at ...14448...
Tue Sep 28 12:42:17 EDT 2010
I don't know if anybody is interested or not, but I finished the second (and probably last) part of integrating Bigfix with BASE. In the Unique IP Links (I chose this screen because I tend to use it to view the alerts, and I didn't want to bog things down when viewing a screen full of alerts), the fully qualified domain name is displayed in a red font if the CVE from the alert matches a CVE of a vulnerability that exists on the computer as reported by Bigfix. This gives a quick visual indication for false positives (for me).
Now, I'd like to see the CVE tag used in the Emerging Threats rules where/if applicable, and some sort of integration with my Nessus scan results (although these are only done quarterly so have less relevance than the Bigfix results, which are practically real-time.)
Anyway, my hat's off to Kevin Johnson and the BASE team for doing BASE in the first place and making the BASE code so easy to hack on. And of course the Bigfix folks, whose product is five kinds of awesome.
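
The correlation described in the message, sketched as an added example (not the poster's BASE modification and not Bigfix or BASE code). It assumes the alert's destination address identifies the host and that the per-host CVE inventory has already been exported to a dict; all function names, rules, alerts and inventory entries here are hypothetical or constructed.

```python
import re

# Snort rule options carry CVE ids as "reference:cve,2008-4250;".
CVE_REF = re.compile(r"reference\s*:\s*cve\s*,\s*(?:CVE-)?(\d{4}-\d{4,})\s*;", re.I)
CVE_ID = re.compile(r"(?:CVE-)?(\d{4}-\d{4,})", re.I)

def normalize_cve(value):
    """Map '2008-4250' or 'cve-2008-4250' to 'CVE-2008-4250'."""
    m = CVE_ID.fullmatch(value.strip())
    if not m:
        raise ValueError(f"not a CVE id: {value!r}")
    return "CVE-" + m.group(1)

def rule_cves(rule_text):
    """All CVE ids referenced by one rule, normalized."""
    return {"CVE-" + n for n in CVE_REF.findall(rule_text)}

def triage(alerts, rules, host_cves):
    """Label each alert by whether its target is reported vulnerable."""
    out = []
    for alert in alerts:
        wanted = rule_cves(rules.get(alert["sid"], ""))
        present = {normalize_cve(c) for c in host_cves.get(alert["dst"], ())}
        if not wanted:
            status = "no-cve"          # rule has no CVE tag: cannot correlate
        elif alert["dst"] not in host_cves:
            status = "unknown-host"    # no inventory data for this address
        elif wanted & present:
            status = "vulnerable"      # the case the message shows in red
        else:
            status = "not-vulnerable"  # candidate false positive
        out.append((alert["dst"], alert["sid"], status, sorted(wanted & present)))
    return out

# Constructed sample data (assumed shapes; not real rules, alerts or inventory).
RULES = {
    1000001: 'alert tcp any any -> $HOME_NET 445 (msg:"sample A"; reference:cve,2008-4250; sid:1000001;)',
    1000002: 'alert tcp any any -> $HOME_NET 80 (msg:"sample B"; sid:1000002;)',
}
HOST_CVES = {"192.0.2.10": ["cve-2008-4250"], "192.0.2.11": []}
ALERTS = [
    {"dst": "192.0.2.10", "sid": 1000001},
    {"dst": "192.0.2.11", "sid": 1000001},
    {"dst": "192.0.2.12", "sid": 1000001},
    {"dst": "192.0.2.10", "sid": 1000002},
]

if __name__ == "__main__":
    for row in triage(ALERTS, RULES, HOST_CVES):
        print(row)
```

The "no-cve" and "unknown-host" outcomes are kept separate from "not-vulnerable" so that a missing CVE tag or missing inventory data is not read as evidence of a false positive.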