On Mon, 22 Apr 2002, H D Moore wrote:
> On Monday 22 April 2002 06:40 pm, H D Moore wrote:
> > This perl script will create a snort-like "map" of nessus plugins to their
> > appropriate references.
>
> I know its bad taste to reply to myself, but thought this bit might be useful:
>
> The snort-msg.map file contains more than just CVE references, it also lists
> bugtraq ids, mcafee ids, reference urls, and a couple other types. This means
> if you can correlate a nessus plugin to a snort signature, you also get a
> list of new references for that plugin. This works both ways, some of the
> snort sigs may be missing info that the plugins have, but they match on the
> CVE id. During the first run, I was able to match up about 400 plugins->sigs
> automatically. Brian only contributed CVE/CAN numbers for those
> vulnerabilities which were rated as high risk, so there are still quite a few
> left to fill in (if not the script_cve_id, then the script_bugtraq_id). It
> would be nice to be able to generate these references from an online web app
> (which was the goal of my previous project), but I never got around to
> finishing it. Is anyone else interested in this project?
I am. I would think of linking it with SQL databases. Then all one has to
do is get updates from snort and nessus into the database and you can link
it the way you like it.
I'm game for such a project.
Hugo.
--
All email send to me is bound to the rules described on my homepage.
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
