PaulDotCom mailing list archives

Re: Vulnerability Tracking & Management


From: "Chesmore, Michael [DAS]" <Michael.Chesmore () iowa gov>
Date: Thu, 10 Feb 2011 13:19:17 -0600

I think you are talking about a hybrid SIEM type system.

We looked at OSSIM (Open Source Security Information Manager) a year or so ago.  I had pretty good things to say about 
it on one hand and some shortfalls on the other.  It is 100% open source, it uses all the standard "tools" that we have 
used in security for years so it takes a default NMAP scan or Nessus scan right into the DB.  It has an inventory piece 
and a ticketing piece.  The challenge is that they want it to be an "all-in-one" suite of software.  So out of the box 
it works great, if you install their sensors, and their mgmt server it really is slick.  For a SMB I would highly 
recommend it.  Their support is ok through the forums.  In my opinion it is not a large enterprise solution unless you 
are ready to write some "glue" scripting to take what you already have in place and format it correctly to go into 
OSSIM.  We might still go down this route.  If you have the scripting skills (and the time) it could be a really viable 
alternative.

Mike

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Josh 
Little
Sent: Thursday, February 10, 2011 1:03 PM
To: pauldotcom () mail pauldotcom com
Subject: [Pauldotcom] Vulnerability Tracking & Management

Hey all. I'm looking for a better way to manage items discovered through our vulnerability assessments, application 
reviews, pentests, etc. in a centralized manner rather than spreadsheets, manual reports, etc. I'd like such a system 
to consume exported reports from various different commercial and open-source scanning technologies as well as manual 
entries, track the state of these, and allow me to export data that would go into our metrics initiative. This would 
need to work with application, database, and system vulnerability reports. Not concerned whether it is open source or 
commercial.

As a bonus it would be great if it could interface with other service and issue tracking technologies so that I can 
push tasks to the appropriate teams and have it appear in their native operating tool.

Anybody know of such a beast?

ZT