[Snort-users] Rapid7 and Snort....Good Things from this I think

Alan Ptak alan.ptak at ...11827...
Mon Apr 11 13:20:53 EDT 2011


Ok, this is all nice stuff guys. Now stop hijacking the snort users list.

Just couldn't stop myself from sayin that ;->


On Apr 11, 2011, at 10:11 AM, Joel Esler wrote:

> Yes, exactly.  Thanks Jason.
> 
> Joel
> 
> On Apr 11, 2011, at 1:07 PM, Jason Brvenik wrote:
> 
>> You talking about SourcefireNation?
>> 
>> https://community.sourcefire.com/ is live and readily available.
>> 
>> The integration stuff is in downloads -
>> https://community.sourcefire.com/downloads
>> 
>> On Mon, Apr 11, 2011 at 12:53 PM, Joel Esler <jesler at ...1935...> wrote:
>>> We integrate with a bunch of things.  Rapid7, Qualys, Nessus, Nmap, etc.  More and more coming all the time.  We have a website dedicated to just these types of tools that integrate with the Sourcefire Defense Center, not sure when that'll be announced (or if it was, did I miss it?)
>>> 
>>> Joel
>>> 
>>> On Apr 11, 2011, at 12:42 PM, Jason Wallace wrote:
>>> 
>>>> Enhancing RNA rule recommendations and having host vulnerability data
>>>> readily available are both great, but the biggest thing this adds is
>>>> the effect on the impact flag for an alert.
>>>> 
>>>> When your IPS console knows that host x.x.x.x is vulnerable to
>>>> MSYY-xxxx or CVE-YYYY-xxxx and one of your sensors triggers an alert
>>>> for a rule designed to detect that specific threat, then the console
>>>> can correlate that data to increase the priority (impact) of that
>>>> alert.
>>>> 
>>>> This allows an analyst to identify alerts that should be examined
>>>> immediately. It can also provide more assurance regarding
>>>> implementing certain types of automated responses like firewall shuns
>>>> or null routes on routers.
>>>> 
>>>> Sourcefire systems also integrate with Qualys data and a number of
>>>> SIEM solutions such as QRadar. QRadar also integrates with a number of
>>>> vulnerability scanners too. When your IPS, vulnerability management
>>>> tool, and SIEM all work together the result is friggen' awesome...
>>>> 
>>>> Thx,
>>>> Wally
>>>> 
>>>> 
>>>> 
>>>> On Mon, Apr 11, 2011 at 12:17 PM, Albert R. Campa <abcampa at ...11827...> wrote:
>>>>> I guess it would enhance RNA? There is only so much you can detect
>>>>> sniffing traffic passively. If you can import credentialed vuln
>>>>> information, your RNA recommended rules would be pretty tight.
>>>>> 
>>>>> 
>>>>> 
>>>>> On Mon, Apr 11, 2011 at 11:07 AM, Michael Lubinski
>>>>> <michael.lubinski at ...11827...> wrote:
>>>>>> To trim off the fat, what will importing a NeXpose scan into the 3D system
>>>>>> accomplish? I guess I'm just not familiar enough with the system in general
>>>>>> to make the connection here. If anyone could clue me in a bit, even
>>>>>> off-list, that would be awesome. Thanks!
>>>>>> 
>>>>>> 
>>>>>> On Mon, Apr 11, 2011 at 10:49 AM, Gibson, Nathan J. (HSC)
>>>>>> <Nathan-Gibson at ...15095...> wrote:
>>>>>>> 
>>>>>>> http://www.rapid7.com/news-events/press-releases/2011/2011-sourcefire.jsp
>>>>>>> 
>>>>>>> GIBBY
>>>>>>> _____________________________
>>>>>>> 
>>>>>>> Nathan J. Gibson, MsIA, CISSP, CISM, CCNA, MCSA
>>>>>>> IT Architect
>>>>>>> Infrastructure Services
>>>>>>> The University of Oklahoma HSC
>>>>>>> 
>>>>>>> voice: 405.271.2644 x50340
>>>>>>> fax:    405.271.2181
>>>>>>> 
>>>>>>> Feedback?  Email comments to Chris Hodges
>>>>>>> 
>>>>>>> --------------------------
>>>>>>> CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may
>>>>>>> contain confidential and privileged information for the use of the
>>>>>>> designated recipients named above. If you are not the intended recipient,
>>>>>>> you are hereby notified that you have received this communication in error
>>>>>>> and that any review, disclosure, dissemination, distribution or copying of
>>>>>>> it or its contents is prohibited. If you have received this communication in
>>>>>>> error, please destroy all copies of this communication and any attachments.
>>>>>>> 
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Xperia(TM) PLAY
>>>>>>> It's a major breakthrough. An authentic gaming
>>>>>>> smartphone on the nation's most reliable network.
>>>>>>> And it wants your games.
>>>>>>> http://p.sf.net/sfu/verizon-sfdev
>>>>>>> _______________________________________________
>>>>>>> Snort-users mailing list
>>>>>>> Snort-users at lists.sourceforge.net
>>>>>>> Go to this URL to change user options or unsubscribe:
>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>>> Snort-users list archive:
>>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>> 
>>>>>> 
>>>>>> 
>>>>> 
>>>>> 
>>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> Regards,
>> 
>> Jason.
> 
> 

--
Alan Ptak
V: 310.488.8606
E: alan.ptak at ...11827...
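
The correlation Jason Wallace describes in the quoted message, as an added example that is not part of the original thread and not Sourcefire's code: the CVE references of the rule that fired are matched against the vulnerabilities a scan reported for the target host, and the result sets the alert's priority and gates automated responses. The host and rule tables, SIDs, placeholder CVE ids, the four priority tiers and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed scan import: per host, the CVE ids a scanner reported and the open ports.
# Addresses come from the documentation range; the CVE ids are placeholders.
HOSTS = {
    "192.0.2.10": {"cves": {"CVE-0000-0001"}, "ports": {445, 3389}},
    "192.0.2.20": {"cves": set(), "ports": {80}},
}
# Constructed rule metadata: the CVE references carried by each rule (local SID range).
RULE_CVES = {1000001: {"CVE-0000-0001"}, 1000002: {"CVE-0000-0002"}}

@dataclass(frozen=True)
class Alert:
    sid: int
    dst: str
    dport: int

def impact(alert, hosts=HOSTS, rule_cves=RULE_CVES):
    """Return (priority, reason); 1 is the most urgent tier, 4 the least informed."""
    host = hosts.get(alert.dst)
    if host is None:
        return 4, "no scan data for target"
    matched = rule_cves.get(alert.sid, set()) & host["cves"]
    if matched:
        return 1, "target vulnerable to " + ", ".join(sorted(matched))
    if alert.dport in host["ports"]:
        return 2, "service exposed, no matching vulnerability on record"
    return 3, "destination port not open on target"

def triage(alerts):
    """Order alerts so those an analyst should examine immediately come first."""
    return sorted(alerts, key=lambda a: impact(a)[0])

def auto_response_ok(alert):
    """Gate automated responses (shun, null route) on a confirmed-vulnerable target."""
    return impact(alert)[0] == 1

# Constructed alerts, as a sensor might report them.
ALERTS = [
    Alert(1000001, "192.0.2.99", 445),   # host never scanned
    Alert(1000001, "192.0.2.20", 445),   # port closed on target
    Alert(1000002, "192.0.2.20", 80),    # service up, CVE not reported
    Alert(1000001, "192.0.2.10", 445),   # rule CVE matches scan finding
]

if __name__ == "__main__":
    for a in triage(ALERTS):
        print(impact(a), a)
```

The same rule (SID 1000001) lands in three different tiers depending only on what the scan data says about the target, which is the effect on alert priority the thread is pointing at.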




