IDS mailing list archives

Re: Vulnerability and IDS

From: Ron Gula <rgula () tenablesecurity com>
Date: Mon, 29 Dec 2003 20:47:13 -0500


The Lightning Console from Tenable will correlate active and passive
vulnerability information (distributed Nessus/NeWT and NeVO) with
real-time IDS alerts from Snort, Dragon, Intruvert (IntruSheild), NFR,
and ISS. More NIDS are planned. These correlations happen at the
application layer, so Lightning will alert you when you have a specific
vulnerability that is being attacked. The correlations are also
automated such that you don't have to program complex rules or write
event management tools. Since Lightning also has knowledge of your
network admins and assets, it can reach out and alert the specific
effected people when a high profile (IDS event correlated with a
vulnerability) event occurs.

Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com


At 08:35 AM 12/29/2003 +1300, Kal wrote:

Hello Listees,
Are there any products that support matching IDS alerts to Vulnerabilityscanner results?
Looking for an "event correlation" system that will raise an alert upon adetected intrusion attempt matching a current vulnerability.
Xmas Cheers

Jon.



---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------

Current thread:

Vulnerability and IDS Kal (Dec 29)
- Re: Vulnerability and IDS Ron Gula (Dec 29)
- Re: Vulnerability and IDS Mike Lyman (Dec 29)
- Re: Vulnerability and IDS Krzysztof Zaraska (Dec 30)
- <Possible follow-ups>
- RE: Vulnerability and IDS Teicher, Mark (Mark) (Dec 29)
- Re: Vulnerability and IDS Chris Kirschke (Dec 30)