[Snort-users] Rapid7 and Snort....Good Things from this I think

Jason Brvenik jasonb at ...1935...
Mon Apr 11 13:07:00 EDT 2011


You talking about SourcefireNation?

https://community.sourcefire.com/ is live and readily available.

The integration stuff is in downloads -
https://community.sourcefire.com/downloads

On Mon, Apr 11, 2011 at 12:53 PM, Joel Esler <jesler at ...1935...> wrote:
> We integrate with a bunch of things.  Rapid7, Qualys, Nessus, Nmap, etc.  More and more coming all the time.  We have a website dedicated to just these types of tools that integrate with the Sourcefire Defense Center, not sure when that'll be announced (or if it was, did I miss it?)
>
> Joel
>
> On Apr 11, 2011, at 12:42 PM, Jason Wallace wrote:
>
>> Enhancing RNA rule recommendations and having host vulnerability data
>> readily available are both great, but the biggest thing this adds is
>> the effect on the impact flag for an alert.
>>
>> When your IPS console knows that host x.x.x.x is vulnerable to
>> MSYY-xxxx or CVE-YYYY-xxxx and one of your sensors triggers an alert
>> for a rule designed to detect that specific threat, then the console
>> can correlate that data to increase the priority (impact) of that
>> alert.
>>
>> This allows an analyst to identify alerts that should be examined
>> immediately. It can also provides more assurance regrading
>> implementing certain types of automated responses like firewall shuns
>> or null routes on routers.
>>
>> Sourcefire systems also integrate with Qualys data and a number of
>> SIEM solutions such as QRadar. QRadar also integrates with a number of
>> vulnerability scanners too. When your IPS, vulnerability management
>> tool, and SIEM all work together the result if friggen' awesome...
>>
>> Thx,
>> Wally
>>
>>
>>
>> On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa at ...11827...> wrote:
>>> i guess it would enhance RNA? There is only so much you can detect
>>> sniffing traffic passively. If you can import credentialed vuln
>>> information, your RNA recommended rules would be pretty tight.
>>>
>>>
>>>
>>> On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
>>> <michael.lubinski at ...11827...> wrote:
>>>> To trim off the fat, what will importing a NeXpose scan into the 3D system
>>>> accomplish. I guess I'm just not familiar enough with the system in general
>>>> to make the connection here. If anyone could clue me in a bit, even
>>>> off-list, that would be awesome. Thanks!
>>>>
>>>>
>>>> On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
>>>> <Nathan-Gibson at ...15095...> wrote:
>>>>>
>>>>> http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> GIBBY
>>>>> _____________________________
>>>>>
>>>>> Nathan J. Gibson, MsIA, CISSP, CISM,CCNA, MCSA
>>>>> IT Architect
>>>>> Infrastructure Services
>>>>> The University of Oklahoma HSC
>>>>>
>>>>> voice: 405.271.2644 x50340
>>>>> fax:    405.271.2181
>>>>>
>>>>> Feedback?  Email comments to Chris Hodges
>>>>>
>>>>> --------------------------
>>>>> CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may
>>>>> contain confidential and privileged information for the use of the
>>>>> designated recipients named above. If you are not the intended recipient,
>>>>> you are hereby notified that you have received this communication in error
>>>>> and that any review, disclosure, dissemination, distribution or copying of
>>>>> it or its contents is prohibited. If you have received this communication in
>>>>> error, please destroy all copies of this communication and any attachments.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Xperia(TM) PLAY
>>>>> It's a major breakthrough. An authentic gaming
>>>>> smartphone on the nation's most reliable network.
>>>>> And it wants your games.
>>>>> http://p.sf.net/sfu/verizon-sfdev
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Xperia(TM) PLAY
>>>> It's a major breakthrough. An authentic gaming
>>>> smartphone on the nation's most reliable network.
>>>> And it wants your games.
>>>> http://p.sf.net/sfu/verizon-sfdev
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Xperia(TM) PLAY
>>> It's a major breakthrough. An authentic gaming
>>> smartphone on the nation's most reliable network.
>>> And it wants your games.
>>> http://p.sf.net/sfu/verizon-sfdev
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>
>> ------------------------------------------------------------------------------
>> Xperia(TM) PLAY
>> It's a major breakthrough. An authentic gaming
>> smartphone on the nation's most reliable network.
>> And it wants your games.
>> http://p.sf.net/sfu/verizon-sfdev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Regards,

Jason.




More information about the Snort-users mailing list