[Snort-users] Rapid7 and Snort....Good Things from this I think

Joel Esler jesler at ...1935...
Mon Apr 11 13:11:17 EDT 2011


Yes, exactly.  Thanks Jason.

Joel

On Apr 11, 2011, at 1:07 PM, Jason Brvenik wrote:

> You talking about SourcefireNation?
> 
> https://community.sourcefire.com/ is live and readily available.
> 
> The integration stuff is in downloads -
> https://community.sourcefire.com/downloads
> 
> On Mon, Apr 11, 2011 at 12:53 PM, Joel Esler <jesler at ...1935...> wrote:
>> We integrate with a bunch of things.  Rapid7, Qualys, Nessus, Nmap, etc.  More and more coming all the time.  We have a website dedicated to just these types of tools that integrate with the Sourcefire Defense Center, not sure when that'll be announced (or if it was, did I miss it?)
>> 
>> Joel
>> 
>> On Apr 11, 2011, at 12:42 PM, Jason Wallace wrote:
>> 
>>> Enhancing RNA rule recommendations and having host vulnerability data
>>> readily available are both great, but the biggest thing this adds is
>>> the effect on the impact flag for an alert.
>>> 
>>> When your IPS console knows that host x.x.x.x is vulnerable to
>>> MSYY-xxxx or CVE-YYYY-xxxx and one of your sensors triggers an alert
>>> for a rule designed to detect that specific threat, then the console
>>> can correlate that data to increase the priority (impact) of that
>>> alert.
>>> 
>>> This allows an analyst to identify alerts that should be examined
>>> immediately. It can also provide more assurance regarding
>>> implementing certain types of automated responses like firewall shuns
>>> or null routes on routers.
>>> 
>>> Sourcefire systems also integrate with Qualys data and a number of
>>> SIEM solutions such as QRadar. QRadar also integrates with a number of
>>> vulnerability scanners too. When your IPS, vulnerability management
>>> tool, and SIEM all work together the result is friggen' awesome...
>>> 
>>> Thx,
>>> Wally
>>> 
>>> 
>>> 
>>> On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa at ...11827...> wrote:
>>>> I guess it would enhance RNA? There is only so much you can detect
>>>> sniffing traffic passively. If you can import credentialed vuln
>>>> information, your RNA recommended rules would be pretty tight.
>>>> 
>>>> 
>>>> 
>>>> On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
>>>> <michael.lubinski at ...11827...> wrote:
>>>>> To trim off the fat, what will importing a NeXpose scan into the 3D system
>>>>> accomplish? I guess I'm just not familiar enough with the system in general
>>>>> to make the connection here. If anyone could clue me in a bit, even
>>>>> off-list, that would be awesome. Thanks!
>>>>> 
>>>>> 
>>>>> On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
>>>>> <Nathan-Gibson at ...15095...> wrote:
>>>>>> 
>>>>>> http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
>>>>>> 
>>>>>> GIBBY
>>>>>> _____________________________
>>>>>> 
>>>>>> Nathan J. Gibson, MsIA, CISSP, CISM,CCNA, MCSA
>>>>>> IT Architect
>>>>>> Infrastructure Services
>>>>>> The University of Oklahoma HSC
>>>>>> 
>>>>>> voice: 405.271.2644 x50340
>>>>>> fax:    405.271.2181
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Snort-users mailing list
>>>>>> Snort-users at lists.sourceforge.net
>>>>>> Go to this URL to change user options or unsubscribe:
>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>> Snort-users list archive:
>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> -- 
> Regards,
> 
> Jason.
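
The correlation Jason Wallace describes in the quoted thread (a rule tied to a CVE firing against a host the scanner reported as vulnerable to that CVE), as an added example that is not part of the original messages and is not Sourcefire's implementation. The rules, sids, CVE ids and host inventory are constructed placeholders, and the three impact labels are hypothetical.

```python
import re

# Constructed sample rules; sids and CVE ids are placeholders, not real ones.
RULES = '''
alert tcp any any -> $HOME_NET 445 (msg:"EXAMPLE smb exploit attempt"; reference:cve,0000-0001; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE http exploit attempt"; reference:cve,0000-0002; reference:cve,0000-0003; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"EXAMPLE ftp policy event"; sid:1000003; rev:1;)
'''

# Constructed host inventory, as it might look after importing scanner results.
HOST_VULNS = {
    "10.0.0.5": {"CVE-0000-0001"},
    "10.0.0.6": set(),  # scanned, nothing found
}

def rule_cves(rules_text):
    """Map each rule sid to the set of CVE ids named in its reference options."""
    out = {}
    for line in rules_text.splitlines():
        sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
        if not sid:
            continue
        refs = re.findall(r"reference:\s*cve\s*,\s*([\d-]+)\s*;", line, re.I)
        out[int(sid.group(1))] = {"CVE-" + r for r in refs}
    return out

def impact(sid, dst_ip, sid_to_cves, host_vulns):
    """Return (level, matched CVEs) for one alert; levels are hypothetical labels."""
    cves = sid_to_cves.get(sid, set())
    if dst_ip not in host_vulns:
        return "unknown-host", set()      # never scanned: cannot correlate
    matched = cves & host_vulns[dst_ip]
    if matched:
        return "vulnerable", matched      # rule's CVE is present on the target
    return "not-vulnerable", set()

def triage(alerts, rules_text=RULES, host_vulns=HOST_VULNS):
    """Order alerts so those against hosts known to be vulnerable come first."""
    sid_to_cves = rule_cves(rules_text)
    order = {"vulnerable": 0, "unknown-host": 1, "not-vulnerable": 2}
    scored = [(sid, ip, *impact(sid, ip, sid_to_cves, host_vulns))
              for sid, ip in alerts]
    return sorted(scored, key=lambda a: order[a[2]])
```

An empty finding set only means the last scan found nothing, so "not-vulnerable" lowers an alert's priority here rather than discarding it.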

More information about the Snort-users mailing list