IDS mailing list archives
Re: Vulnerability and IDS
From: Ron Gula <rgula () tenablesecurity com>
Date: Mon, 29 Dec 2003 20:47:13 -0500
The Lightning Console from Tenable will correlate active and passive vulnerability information (distributed Nessus/NeWT and NeVO) with real-time IDS alerts from Snort, Dragon, Intruvert (IntruSheild), NFR, and ISS. More NIDS are planned. These correlations happen at the application layer, so Lightning will alert you when you have a specific vulnerability that is being attacked. The correlations are also automated such that you don't have to program complex rules or write event management tools. Since Lightning also has knowledge of your network admins and assets, it can reach out and alert the specific effected people when a high profile (IDS event correlated with a vulnerability) event occurs. Ron Gula, CTO Tenable Network Security http://www.tenablesecurity.com At 08:35 AM 12/29/2003 +1300, Kal wrote:
Hello Listees,Are there any products that support matching IDS alerts to Vulnerability scanner results?Looking for an "event correlation" system that will raise an alert upon a detected intrusion attempt matching a current vulnerability.Xmas Cheers Jon. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Vulnerability and IDS Kal (Dec 29)
- Re: Vulnerability and IDS Ron Gula (Dec 29)
- Re: Vulnerability and IDS Mike Lyman (Dec 29)
- Re: Vulnerability and IDS Krzysztof Zaraska (Dec 30)
- <Possible follow-ups>
- RE: Vulnerability and IDS Teicher, Mark (Mark) (Dec 29)
- Re: Vulnerability and IDS Chris Kirschke (Dec 30)