[Snort-users] Rapid7 and Snort....Good Things from this I think

Chris Jacob cjacob at ...1935...
Mon Apr 11 12:40:16 EDT 2011


RNA and Active Scanners typically play different roles. An active scanner
sees a new host, makes a note and starts interrogating it to build a list of
vulns. RNA sees a new host and makes note that it's vulnerable to everything
until it can prove otherwise. It continues to watch for more information,
trimming the vulns as it gains understanding. Why? Because while false
positives are annoying, false negatives are unacceptable.

That being said, the information gained from both technologies can
be extremely complementary. Customers wanted to leverage active scanners,
asset management, and other tools to augment the real-time and contextual
data provided by RNA. These requests resulted in additional APIs. We love
APIs. :)

~chris


On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa at ...11827...> wrote:

> i guess it would enhance RNA? There is only so much you can detect
> sniffing traffic passively. If you can import credentialed vuln
> information, your RNA recommended rules would be pretty tight.
>
>
>
> On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
> <michael.lubinski at ...11827...> wrote:
> > To trim off the fat, what will importing a NeXpose scan into the 3D
> system
> > accomplish. I guess I'm just not familiar enough with the system in
> general
> > to make the connection here. If anyone could clue me in a bit, even
> > off-list, that would be awesome. Thanks!
> >
> >
> > On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
> > <Nathan-Gibson at ...15095...> wrote:
> >>
> >>
> http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> GIBBY
> >> _____________________________
> >>
> >> Nathan J. Gibson, MsIA, CISSP, CISM,CCNA, MCSA
> >> IT Architect
> >> Infrastructure Services
> >> The University of Oklahoma HSC
> >>
> >> voice: 405.271.2644 x50340
> >> fax:    405.271.2181
> >>
> >> Feedback?  Email comments to Chris Hodges
> >>
> >> --------------------------
> >> CONFIDENTIALITY NOTICE: This e-mail communication and any attachments
> may
> >> contain confidential and privileged information for the use of the
> >> designated recipients named above. If you are not the intended
> recipient,
> >> you are hereby notified that you have received this communication in
> error
> >> and that any review, disclosure, dissemination, distribution or copying
> of
> >> it or its contents is prohibited. If you have received this
> communication in
> >> error, please destroy all copies of this communication and any
> attachments.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Xperia(TM) PLAY
> >> It's a major breakthrough. An authentic gaming
> >> smartphone on the nation's most reliable network.
> >> And it wants your games.
> >> http://p.sf.net/sfu/verizon-sfdev
> >> _______________________________________________
> >> Snort-users mailing list
> >> Snort-users at lists.sourceforge.net
> >> Go to this URL to change user options or unsubscribe:
> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> Snort-users list archive:
> >> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> ------------------------------------------------------------------------------
> > Xperia(TM) PLAY
> > It's a major breakthrough. An authentic gaming
> > smartphone on the nation's most reliable network.
> > And it wants your games.
> > http://p.sf.net/sfu/verizon-sfdev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110411/d9509745/attachment.html>


More information about the Snort-users mailing list