bmc created a perl script to do this back in 2002. The script is called
honeysuckle and can be found here
http://www.shmoo.com/~bmc/software/honeysuckle
#!/usr/bin/perl
# honeysuckle - Vulnerability Correlation with snort & nessus
#
# Copyright (C) 2002 Brian Caswell <[EMAIL PROTECTED]>
#
# "Any sufficiently advanced technology is indistinguishable from a
simple perl
# script"
#
# honeysuckle is an implementation of IDS alert & vulnerabity
correlation based
# on snort alerts & nessus scan. We modify our priority in attempt to
get our
# monitor jockies to focus on the really important stuff.
#
# I don't know about you, but when someone is shooting bullets at me, I
# would like to know they are shooting at me, even if they miss.
#
# (If you want to be dumb, err... ignore attacks that "you are not
vulnerable
# to" move the print line to be inside of the last if statement)
#
# This code uses Nessus reports and snort's sig-msg.map to handle mappings
# via CVE maps. We take CSV input of the following format:
# srcip,dstip,priority,event
...
[EMAIL PROTECTED] wrote:
Hi All,
I am doing some research into integrating Snort and Nessus together.
Just wondering if there are any Snort or Nessus Experts out there that
can tell me if there are using the same tables for their signatures?
cause i understand that they both use the CVE and BID tracking. Not to sure
bout the way their signatures are stored though. would be great if
anyone out there can shed some light on this.
thanks alot
Crux
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
