[Snort-users] Rapid7 and Snort....Good Things from this I think

Joel Esler jesler at ...1935...
Mon Apr 11 12:53:48 EDT 2011


We integrate with a bunch of things.  Rapid7, Qualys, Nessus, Nmap, etc.  More and more coming all the time.  We have a website dedicated to just these types of tools that integrate with the Sourcefire Defense Center, not sure when that'll be announced (or if it was, did I miss it?)

Joel

On Apr 11, 2011, at 12:42 PM, Jason Wallace wrote:

> Enhancing RNA rule recommendations and having host vulnerability data
> readily available are both great, but the biggest thing this adds is
> the effect on the impact flag for an alert.
> 
> When your IPS console knows that host x.x.x.x is vulnerable to
> MSYY-xxxx or CVE-YYYY-xxxx and one of your sensors triggers an alert
> for a rule designed to detect that specific threat, then the console
> can correlate that data to increase the priority (impact) of that
> alert.
> 
> This allows an analyst to identify alerts that should be examined
> immediately. It can also provide more assurance regarding
> implementing certain types of automated responses like firewall shuns
> or null routes on routers.
> 
> Sourcefire systems also integrate with Qualys data and a number of
> SIEM solutions such as QRadar. QRadar also integrates with a number of
> vulnerability scanners too. When your IPS, vulnerability management
> tool, and SIEM all work together the result is friggen' awesome...
> 
> Thx,
> Wally
> 
> 
> 
> On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa at ...11827...> wrote:
>> I guess it would enhance RNA? There is only so much you can detect
>> sniffing traffic passively. If you can import credentialed vuln
>> information, your RNA recommended rules would be pretty tight.
>> 
>> 
>> 
>> On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
>> <michael.lubinski at ...11827...> wrote:
>>> To trim off the fat, what will importing a NeXpose scan into the 3D system
>>> accomplish? I guess I'm just not familiar enough with the system in general
>>> to make the connection here. If anyone could clue me in a bit, even
>>> off-list, that would be awesome. Thanks!
>>> 
>>> 
>>> On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
>>> <Nathan-Gibson at ...15095...> wrote:
>>>> 
>>>> http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
>>>> 
>>>> GIBBY
>>>> _____________________________
>>>> 
>>>> Nathan J. Gibson, MsIA, CISSP, CISM,CCNA, MCSA
>>>> IT Architect
>>>> Infrastructure Services
>>>> The University of Oklahoma HSC
>>>> 
>>>> voice: 405.271.2644 x50340
>>>> fax:    405.271.2181
>>>> 
>>>> ------------------------------------------------------------------------------
>>>> Xperia(TM) PLAY
>>>> It's a major breakthrough. An authentic gaming
>>>> smartphone on the nation's most reliable network.
>>>> And it wants your games.
>>>> http://p.sf.net/sfu/verizon-sfdev
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>> 
> 
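
The correlation described in the quoted reply above (an alert for a rule tied to a CVE, raised against a host that a scanner reported as having that CVE), as an added example that is not part of the thread and is not Sourcefire's or Rapid7's code. The rules, hosts, alerts, CVE ids and the four impact labels are constructed for illustration; the only real syntax assumed is Snort's `sid:` and `reference:cve,...;` rule options.

```python
import re

# Constructed Snort rules; only the sid and reference:cve options are used.
RULES = [
    'alert tcp any any -> $HOME_NET 445 (msg:"constructed SMB rule"; '
    'reference:cve,2099-0001; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"constructed HTTP rule"; '
    'reference:cve,2099-0002; reference:cve,2099-0003; sid:1000002; rev:1;)',
    'alert icmp any any -> $HOME_NET any (msg:"constructed ICMP rule"; '
    'sid:1000003; rev:1;)',
]

# Constructed scanner import: host -> CVEs the scan reported on that host.
HOST_VULNS = {"192.0.2.10": {"CVE-2099-0001"}, "192.0.2.20": {"CVE-2099-0009"}}

# Constructed alerts: (sid that fired, destination IP).
ALERTS = [
    (1000001, "192.0.2.10"), (1000002, "192.0.2.20"),
    (1000001, "192.0.2.99"), (1000003, "192.0.2.10"),
]

def rule_cves(rules):
    """Map sid -> set of CVE ids taken from each rule's reference:cve options."""
    out = {}
    for rule in rules:
        sid = re.search(r"\bsid:\s*(\d+)\s*;", rule)
        if not sid:
            continue  # not a usable rule line
        cves = re.findall(r"reference:\s*cve\s*,\s*([\d-]+)\s*;", rule, re.I)
        out[int(sid.group(1))] = {"CVE-" + c for c in cves}
    return out

def impact(sid, dst, sid_cves, host_vulns):
    """Hypothetical impact label; a simplification, not the console's own logic."""
    cves = sid_cves.get(sid, set())
    if not cves:
        return "unmapped"        # rule names no CVE, nothing to correlate
    if dst not in host_vulns:
        return "unknown-host"    # no scan data for the target
    return "vulnerable" if cves & host_vulns[dst] else "not-vulnerable"

def triage(alerts, rules, host_vulns):
    """Label each alert and sort so hosts known to be vulnerable come first."""
    sid_cves = rule_cves(rules)
    order = {"vulnerable": 0, "unknown-host": 1, "unmapped": 2, "not-vulnerable": 3}
    scored = [(s, d, impact(s, d, sid_cves, host_vulns)) for s, d in alerts]
    return sorted(scored, key=lambda a: order[a[2]])
```

Hosts with no scan data are ranked above hosts scanned and found clean, since an unscanned target cannot be ruled out.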




