Our Qualys install is handled through our offsite datacenter provider for our major production systems. We tell them when to run the thing and we get a PDF back. One of my goals for the next quarter is to get a higher level of control over how that system is run and our relationship with the provider in general, at least in terms of their hosted toolset.
Our SIEM (LogRhythm) may not accept scan results as it is primarily log centric. We also have a RedSeal install. That will do about a third of what I'm looking for since it can import Qualys and Nessus scan results, track them, and note when any problems have been resolved. But it can't do anything with the app, db, and manual testing that we do, nor can it report out and track assignments etc. I have a feeling I'm going to have to mock something up myself.

ZT

On Fri, Feb 11, 2011 at 8:19 AM, Mike Patterson <[email protected]> wrote:

> Interfaces with other service and tracking technologies (I assume you mean things like Remedy, Request Tracker, etc) is generally through SMTP, at least for the commercial VA tools. Some will do SNMP traps, most have XML type interfaces, so if you want to do some coding, you can probably make it work.
>
> If you already have the SIEM though, probably the easiest way to accomplish ticketing type stuff is to push things to your SIEM and have whatever mechanism you have in place there (you have something in place there, right?) handle the pushing out to other groups.
>
> You already have Qualys too. Are its reporting functions insufficient, or are you using it in a more limited fashion?
>
> On 11-02-10 2:44 PM, Josh Little wrote:
> > We already have a large SIEM implementation in place, so duplicating that would be a non-starter. I'll keep enVision in the hat for the next time that a tech refresh comes into play. If it helps, these are the technologies we are trying to consolidate reporting/tracking for:
> >
> > Nessus
> > Qualys
> > IBM Appscan
> > DBProtect
> > Whitehat Sentinel
> > Manual Testing
> >
> > Thanks,
> > ZT
> >
> > On Thu, Feb 10, 2011 at 2:22 PM, Butturini, Russell <[email protected]> wrote:
> >
> >> This is also something that RSA envision does (It can even conduct the assessments for you), but it ain’t cheap :)
> >>
> >> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Chesmore, Michael [DAS]
> >> *Sent:* Thursday, February 10, 2011 1:19 PM
> >> *To:* PaulDotCom Security Weekly Mailing List
> >> *Subject:* Re: [Pauldotcom] Vulnerability Tracking & Management
> >>
> >> I think you are talking about a hybrid SIEM type system.
> >>
> >> We looked at OSSIM (Open Source Security Information Manager) a year or so ago. I had pretty good things to say about it on one hand and some shortfalls on the other. It is 100% open source, it uses all the standard “tools” that we have used in security for years so it takes a default NMAP scan or Nessus scan right into the DB. It has an inventory piece and a ticketing piece. The challenge is that they want it to be an “all-in-one” suite of software. So out of the box it works great, if you install their sensors, and their mgmt server it really is slick. For a SMB I would highly recommend it. Their support is ok through the forums. In my opinion it is not a large enterprise solution unless you are ready to write some “glue” scripting to take what you already have in place and format it correctly to go into OSSIM. We might still go down this route. If you have the scripting skills (and the time) it could be a really viable alternative.
> >>
> >> Mike
> >>
> >> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Josh Little
> >> *Sent:* Thursday, February 10, 2011 1:03 PM
> >> *To:* [email protected]
> >> *Subject:* [Pauldotcom] Vulnerability Tracking & Management
> >>
> >> Hey all. I'm looking for a better way to manage items discovered through our vulnerability assessments, application reviews, pentests, etc. in a centralized manner rather than spreadsheets, manual reports, etc. I'd like such a system to consume exported reports from various different commercial and open-source scanning technologies as well as manual entries, track the state of these, and allow me to export data that would go into our metrics initiative. This would need to work with application, database, and system vulnerability reports. Not concerned whether it is open source or commercial.
> >>
> >> As a bonus it would be great if it could interface with other service and issue tracking technologies so that I can push tasks to the appropriate teams and have it appear in their native operating tool.
> >>
> >> Anybody know of such a beast?
> >>
> >> ZT
> >>
> >> This email contains confidential and proprietary information and is not to be used or disclosed to anyone other than the named recipient of this email, and is to be used only for the intended purpose of this communication.

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
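
The thread converges on "glue" scripting: consume scanner exports and manual entries, track state, and export metrics. A sketch of that idea follows as an added example, not code from any poster or product mentioned above. The element and attribute names follow the Nessus v2 (.nessus) export layout; the sample scans, the table schema, and the function names are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample scans in Nessus v2 (.nessus) layout; host and plugin IDs are made up.
ITEM = '<ReportItem port="{}" protocol="tcp" severity="{}" pluginID="{}" pluginName="{}"/>'
WRAP = '<NessusClientData_v2><Report name="r"><ReportHost name="10.0.0.5">{}</ReportHost></Report></NessusClientData_v2>'
SCAN_1 = WRAP.format(ITEM.format(443, 3, 90001, "Weak TLS configuration")
                     + ITEM.format(22, 2, 90002, "SSH weak MAC algorithms")
                     + ITEM.format(0, 0, 90003, "Scan information"))
SCAN_2 = WRAP.format(ITEM.format(22, 2, 90002, "SSH weak MAC algorithms"))  # TLS item gone

def parse_nessus(xml_text):
    """Yield (asset, check_id, title, severity) for each non-informational ReportItem."""
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev > 0:  # severity 0 is informational output, not a finding
                asset = f'{host.get("name")}:{item.get("port")}/{item.get("protocol")}'
                yield asset, item.get("pluginID"), item.get("pluginName"), sev

def open_tracker():
    db = sqlite3.connect(":memory:")  # hypothetical schema: one row per (source, asset, check)
    db.execute("CREATE TABLE finding (source TEXT, asset TEXT, check_id TEXT, title TEXT,"
               " severity INTEGER, state TEXT, PRIMARY KEY (source, asset, check_id))")
    return db

def ingest(db, source, findings, full_scan=True):
    """Upsert one source's findings; full_scan resolves that source's findings absent this run."""
    seen = set()
    for asset, check_id, title, sev in findings:
        seen.add((asset, check_id))
        db.execute("INSERT INTO finding VALUES (?,?,?,?,?,'open') ON CONFLICT(source, asset, check_id)"
                   " DO UPDATE SET state='open', severity=excluded.severity",
                   (source, asset, check_id, title, sev))
    if full_scan:  # only valid when the run covered the same scope as earlier runs
        rows = db.execute("SELECT asset, check_id FROM finding WHERE source=? AND state='open'", (source,)).fetchall()
        for key in set(rows) - seen:
            db.execute("UPDATE finding SET state='resolved'"
                       " WHERE source=? AND asset=? AND check_id=?", (source, *key))

def metrics(db):  # counts per (source, state), the shape a metrics export would use
    return {(s, st): n for s, st, n in db.execute(
        "SELECT source, state, COUNT(*) FROM finding GROUP BY source, state")}

if __name__ == "__main__":
    db = open_tracker()
    for scan in (SCAN_1, SCAN_2):
        ingest(db, "nessus", parse_nessus(scan))
    print(metrics(db))
```

Manual test findings go through the same `ingest` call with `full_scan=False`, so they are never auto-resolved just because a scanner run did not mention them; a finding that reappears in a later scan is reopened.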
