Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Snort

from [Phil Hollows] Network Security [Permanent Link]
Subject: RE: Snort
Date: Thu, 30 Sep 2004 22:44:39 -0400 
Well, in the spirit of keeping Ron up to date, Open's SIM is one that has daily 
updates of vulnerabilities, exploits and IDS, PIS and VA signatures as part of 
the core offering, ensuring that our customers are always using the latest 
threat information when evaluating the risk of an event, and can take your VA 
data from multiple systems (open and proprietary) and use the very latest data 
to compute risk, identify threats and take remediative actions appropriately.
 
Phil
OpenService (Open)
www.open.com

        -----Original Message----- 
        From: Ron Gula [mailto:rgula@tenablesecurity.com] 
        Sent: Thu 9/30/2004 1:03 PM 
        To: focus-ids@securityfocus.com 
        Cc: 
        Subject: Re: Snort
        
        

        At 02:09 PM 9/27/2004 -0700, Jeremy Gonzales wrote:
        >Hi,
        >
        >Does anyone have experience with snort reports? How do
        >you deal with the loads of information? Is there a way
        >to  generate reports that eliminate the false
        >positives? Any help will be appreciated.
        >
        >Thanks,
        >
        >Jeremy.
        
        There are a variety of commercial and open source IDS
        and SIM solutions. Things you should check out include
        (and I am biased, so I list Lightning & NeVO & Nessus
        first) are:
        
        - Lightning Console and NeVO from Tenable Network Security.
           It can manage several dozen Snort sensors and correlate
           Snort IDS events with vulns discovered passively via
           NeVO, through distributed Nessus scanning or through
           Nessus's host-based UNIX and NT checks.
        
        - Sourcefire's RNA and their console can help qualify
           if an IDS event is relevant or not. I've seen people
           use RNA to highlight specific events which may target
           a known vulnerability.
        
        - SIM vendors like Guarded.net can take in IDS events
           from SNORT, and qualify them with other events and
           vulnerability data. My only caveat is that most of
           the SIMs take a one-time snapshot of vulns and don't
           integrate daily vuln data that you can get with RNA
           or NeVO.
        
        - In the open source arena, there are tools like
           Gherkin and I've seen people write scripts to use the
           output of p0f and nmap to remove non vuln snort events.
        
        Ron Gula, CTO
        Tenable Network Security
        
        
        
        
        
        
--------------------------------------------------------------------------
        Test Your IDS
        
        Is your IDS deployed correctly?
        Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
        Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn 
more.
        
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Passive Asset Detection System v1.1.3 Released, Matt Shelton
Next by Date:  [Full-Disclosure] On Polymorphic Evasion, Phantasmal Phantasmagoria
Previous by Thread:  Re: Snort, Raffael Marty
Next by Thread:  Passive Asset Detection System v1.1.3 Released, Matt Shelton
Indexes:  [Date] [Thread] [Top] [All Lists]