[EMAIL PROTECTED]([EMAIL PROTECTED])@2005.09.16 06:52:56 -0000:
> Hi All,
>
> I am doing some research into integrating Snort and Nessus together.
> Just wondering if there are any Snort or Nessus Experts out there that
> can tell me if they are using the same tables for their signatures?
> cause I understand that they both use the CVE and BID tracking. Not too sure
> bout the way their signatures are stored though. would be great if
> anyone out there can shed some light on this.
>
nessus implements a scripting language, NASL (iirc nessus attack scripting language), these nasl files (plugins) are stored in flat files. some of them have dependencies (it doesn't make sense running further scanning of applications which are definitely not installed on $TARGET). they are _not_ just "patterns".

So what you got to do is extracting the actual attack and store it in your database. be aware that some of the patterns in these plugins will produce false positives if you just take them and match them against some logfiles/traffic/whatever without thinking about the dependencies. (keep in mind that we are talking about over 2500 plugins to go through and evaluate)

what is the idea behind your "integration"?

regards
teemu

--
"Every man takes the limits of his own field of vision for the limits of the world." - Schopenhauer
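An added example, not part of the original message: one way to link the two tools without copying patterns is to read the CVE/BID references from a NASL plugin's description block and from a Snort rule's `reference` options, and carry the plugin's dependency list along with each match. The helper names are hypothetical and both samples are constructed, with placeholder ids, CVE and BID values.

```python
import re

# Constructed sample inputs: the ids, CVE and BID values are placeholders.
NASL_SAMPLE = '''
if (description) {
  script_id(99001);
  script_cve_id("CVE-2000-9999");
  script_bugtraq_id(99999);
  script_dependencies("find_service.nes", "http_version.nasl");
}
'''
SNORT_SAMPLE = ('alert tcp any any -> any 80 (msg:"constructed example"; '
                'content:"example"; reference:cve,2000-9999; '
                'reference:bugtraq,99999; sid:1000001; rev:1;)')

def _norm_cve(value):
    """Drop the CVE-/CAN- prefix so both tools' spellings compare equal."""
    return re.sub(r'^(CVE|CAN)-', '', value.strip(), flags=re.I)

def _nasl_args(text, func):
    """Collect the literal arguments of every call to `func` in a plugin."""
    args = []
    for call in re.findall(r'\b%s\s*\(([^)]*)\)' % re.escape(func), text):
        args += [a.strip().strip('"\'') for a in call.split(',') if a.strip()]
    return args

def parse_nasl(text):
    """Extract id, references and dependencies from a plugin's description."""
    return {'id': int(_nasl_args(text, 'script_id')[0]),
            'cve': {_norm_cve(c) for c in _nasl_args(text, 'script_cve_id')},
            'bid': set(_nasl_args(text, 'script_bugtraq_id')),
            'deps': _nasl_args(text, 'script_dependencies')}

def parse_snort(rule):
    """Extract sid and cve/bugtraq references from one Snort rule."""
    refs = re.findall(r'reference\s*:\s*(\w+)\s*,\s*([^;]+);', rule)
    return {'sid': int(re.search(r'\bsid\s*:\s*(\d+)', rule).group(1)),
            'cve': {_norm_cve(v) for k, v in refs if k.lower() == 'cve'},
            'bid': {v.strip() for k, v in refs if k.lower() == 'bugtraq'}}

def correlate(plugins, rules):
    """Pair plugins and rules sharing a CVE or BID; keep the plugin's deps."""
    out = []
    for p in plugins:
        for r in rules:
            cve, bid = p['cve'] & r['cve'], p['bid'] & r['bid']
            if cve or bid:
                out.append((p['id'], r['sid'], sorted(cve), sorted(bid), p['deps']))
    return out

if __name__ == '__main__':
    print(correlate([parse_nasl(NASL_SAMPLE)], [parse_snort(SNORT_SAMPLE)]))
```

Each result row keeps the plugin's dependencies, so a consumer can tell that the plugin's finding only means something when those prerequisite plugins ran against the target.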
