This is also something that RSA enVision does (it can even conduct the
assessments for you), but it ain't cheap :)
From: [email protected]
[mailto:[email protected]] On Behalf Of Chesmore, Michael [DAS]
Sent: Thursday, February 10, 2011 1:19 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Vulnerability Tracking & Management
I think you are talking about a hybrid SIEM type system.
We looked at OSSIM (Open Source Security Information Manager) a year or so ago.
I had pretty good things to say about it on one hand and some shortfalls on the
other. It is 100% open source, it uses all the standard "tools" that we have
used in security for years so it takes a default Nmap scan or Nessus scan right
into the DB. It has an inventory piece and a ticketing piece. The challenge
is that they want it to be an "all-in-one" suite of software. So out of the
box it works great, if you install their sensors, and their mgmt server it
really is slick. For a SMB I would highly recommend it. Their support is ok
through the forums. In my opinion it is not a large enterprise solution unless
you are ready to write some "glue" scripting to take what you already have in
place and format it correctly to go into OSSIM. We might still go down this
route. If you have the scripting skills (and the time) it could be a really
viable alternative.
Mike
From: [email protected]
[mailto:[email protected]] On Behalf Of Josh Little
Sent: Thursday, February 10, 2011 1:03 PM
To: [email protected]
Subject: [Pauldotcom] Vulnerability Tracking & Management
Hey all. I'm looking for a better way to manage items discovered through our
vulnerability assessments, application reviews, pentests, etc. in a centralized
manner rather than spreadsheets, manual reports, etc. I'd like such a system to
consume exported reports from various different commercial and open-source
scanning technologies as well as manual entries, track the state of these, and
allow me to export data that would go into our metrics initiative. This would
need to work with application, database, and system vulnerability reports. Not
concerned whether it is open source or commercial.
As a bonus it would be great if it could interface with other service and issue
tracking technologies so that I can push tasks to the appropriate teams and
have it appear in their native operating tool.
Anybody know of such a beast?
ZT