We already have a large SIEM implementation in place, so duplicating that would be a non-starter. I'll keep enVision in the hat for the next time that a tech refresh comes into play. If it helps, these are the technologies we are trying to consolidate reporting/tracking for:
Nessus
Qualys
IBM Appscan
DBProtect
Whitehat Sentinel
Manual Testing

Thanks,
ZT

On Thu, Feb 10, 2011 at 2:22 PM, Butturini, Russell <[email protected]> wrote:

> This is also something that RSA envision does (It can even conduct the
> assessments for you), but it ain’t cheap :)
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Chesmore, Michael [DAS]
> *Sent:* Thursday, February 10, 2011 1:19 PM
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] Vulnerability Tracking & Management
>
> I think you are talking about a hybrid SIEM type system.
>
> We looked at OSSIM (Open Source Security Information Manager) a year or so
> ago. I had pretty good things to say about it on one hand and some
> shortfalls on the other. It is 100% open source, it uses all the standard
> “tools” that we have used in security for years so it takes a default NMAP
> scan or Nessus scan right into the DB. It has an inventory piece and a
> ticketing piece. The challenge is that they want it to be an “all-in-one”
> suite of software. So out of the box it works great, if you install their
> sensors, and their mgmt server it really is slick. For a SMB I would highly
> recommend it. Their support is ok through the forums. In my opinion it is
> not a large enterprise solution unless you are ready to write some “glue”
> scripting to take what you already have in place and format it correctly to
> go into OSSIM. We might still go down this route. If you have the
> scripting skills (and the time) it could be a really viable alternative.
>
> Mike
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Josh Little
> *Sent:* Thursday, February 10, 2011 1:03 PM
> *To:* [email protected]
> *Subject:* [Pauldotcom] Vulnerability Tracking & Management
>
> Hey all. I'm looking for a better way to manage items discovered through
> our vulnerability assessments, application reviews, pentests, etc. in a
> centralized manner rather than spreadsheets, manual reports, etc. I'd like
> such a system to consume exported reports from various different commercial
> and open-source scanning technologies as well as manual entries, track the
> state of these, and allow me to export data that would go into our metrics
> initiative. This would need to work with application, database, and system
> vulnerability reports. Not concerned whether it is open source or
> commercial.
>
> As a bonus it would be great if it could interface with other service and
> issue tracking technologies so that I can push tasks to the appropriate
> teams and have it appear in their native operating tool.
>
> Anybody know of such a beast?
>
> ZT
>
> ******************************************************************************
> This email contains confidential and proprietary information and is not to be
> used or disclosed to anyone other than the named recipient of this email,
> and is to be used only for the intended purpose of this communication.
> ******************************************************************************
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
