[Snort-users] Rapid7 and Snort....Good Things from this I think

Jason Wallace jason.r.wallace at ...11827...
Mon Apr 11 12:42:16 EDT 2011


Enhancing RNA rule recommendations and having host vulnerability data
readily available are both great, but the biggest thing this adds is
the effect on the impact flag for an alert.

When your IPS console knows that host x.x.x.x is vulnerable to
MSYY-xxxx or CVE-YYYY-xxxx and one of your sensors triggers an alert
for a rule designed to detect that specific threat, then the console
can correlate that data to increase the priority (impact) of that
alert.

This allows an analyst to identify alerts that should be examined
immediately. It can also provide more assurance regarding
implementing certain types of automated responses like firewall shuns
or null routes on routers.

Sourcefire systems also integrate with Qualys data and a number of
SIEM solutions such as QRadar. QRadar also integrates with a number of
vulnerability scanners too. When your IPS, vulnerability management
tool, and SIEM all work together the result is friggen' awesome...

Thx,
Wally



On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa at ...11827...> wrote:
> I guess it would enhance RNA? There is only so much you can detect
> sniffing traffic passively. If you can import credentialed vuln
> information, your RNA recommended rules would be pretty tight.
>
>
>
> On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
> <michael.lubinski at ...11827...> wrote:
>> To trim off the fat, what will importing a NeXpose scan into the 3D system
>> accomplish? I guess I'm just not familiar enough with the system in general
>> to make the connection here. If anyone could clue me in a bit, even
>> off-list, that would be awesome. Thanks!
>>
>>
>> On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
>> <Nathan-Gibson at ...15095...> wrote:
>>>
>>> http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
>>>
>>> GIBBY
>>> _____________________________
>>>
>>> Nathan J. Gibson, MsIA, CISSP, CISM,CCNA, MCSA
>>> IT Architect
>>> Infrastructure Services
>>> The University of Oklahoma HSC
>>>
>>> voice: 405.271.2644 x50340
>>> fax:    405.271.2181
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
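
The correlation described in the reply above (imported host vulnerability data raising the priority of an alert from a rule written for that same vulnerability), as an added example that is not part of the original thread and is not Sourcefire's implementation. The host data, rule references, SIDs, placeholder vulnerability IDs and the four priority levels are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed scanner import: host -> vulnerability IDs from a credentialed scan.
# The IDs are placeholders, not real advisories.
HOST_VULNS = {
    "192.0.2.10": {"CVE-0000-0001", "MS00-001"},
    "192.0.2.20": {"CVE-0000-0002"},
}
# Constructed rule metadata: rule SID -> vulnerability references on the rule.
RULE_REFS = {
    1000001: {"cve-0000-0001"},
    1000002: {"CVE-0000-0002", "MS00-002"},
    1000003: set(),
}
# Constructed priority scale, most urgent first (not Sourcefire's flag values).
LEVELS = ["vulnerable", "unknown-host", "no-reference", "not-vulnerable"]


@dataclass(frozen=True)
class Alert:
    sid: int
    dst_ip: str


def impact(alert, host_vulns=HOST_VULNS, rule_refs=RULE_REFS):
    """Return (level, matched_ids) for one alert."""
    if alert.dst_ip not in host_vulns:
        return "unknown-host", set()      # never scanned: cannot rule it out
    refs = {r.upper() for r in rule_refs.get(alert.sid, set())}
    if not refs:
        return "no-reference", set()      # rule is not tied to a specific vuln
    matched = refs & {v.upper() for v in host_vulns[alert.dst_ip]}
    return ("vulnerable", matched) if matched else ("not-vulnerable", set())


def triage(alerts):
    """Sort alerts so those hitting a known-vulnerable host come first."""
    scored = [(a, *impact(a)) for a in alerts]
    return sorted(scored, key=lambda row: LEVELS.index(row[1]))


if __name__ == "__main__":
    sample = [  # constructed alerts
        Alert(1000002, "192.0.2.10"),
        Alert(1000003, "192.0.2.20"),
        Alert(1000001, "198.51.100.5"),
        Alert(1000001, "192.0.2.10"),
    ]
    for alert, level, ids in triage(sample):
        print(f"{level:15} sid={alert.sid} dst={alert.dst_ip} {sorted(ids)}")
```

Only the "vulnerable" level carries the kind of assurance the reply mentions for automated responses; the other three levels still need an analyst.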



