On Thu, Mar 11, 2004 at 01:55:47PM -0600, DePriest, Jason R. wrote:
> My first step is to ping the system, then nbstat it and look up the
> current logged on user, then I run nmap against it, then I feed that
> into nessus.
> ...
> It would be nice if I could have specific alerts from our IDS trigger a
> specific scan against the source.

That's just what we do. We use swatch to trigger actions. So when our IDS notices something coming from an internal address, swatch kicks off a script that grabs Windows details if possible, and cross-references against our Software auditing system. If not it nmaps it. Then it e-mails a report off which 9 times out of 10 lists not only the "easy" stuff (name and IP address), but who owns it, what city and country they are in, and what their e-mail address and phone number is :-)

Sweeeeet :-)

BTW: there is no way we could do this with a commercial system. You need a lot of glue to pull all that together ;-)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
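An added example, not code from this thread or from the poster's site: a Python sketch of the per-alert decision a script launched by a log watcher such as swatch could make, following the flow the reply describes (internal source, inventory lookup, nmap as fallback, report). Assumptions: a Snort-style "fast" alert line layout, RFC 1918 ranges as "internal", a dict standing in for the software auditing system, a one-hour per-host cooldown, and constructed sample alerts and inventory data.

```python
import ipaddress
import re

# Assumed Snort-style "fast" alert layout; adapt the pattern to your IDS.
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\].*?"
    r"\{\w+\} (?P<src>[0-9.]+)(?::\d+)? -> ")
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COOLDOWN = 3600  # seconds between lookups of the same host (assumed policy)
# Constructed stand-in for the software auditing system.
INVENTORY = {"10.20.30.40": {"host": "WS-0417", "owner": "A. Example",
                             "email": "a.example@corp.example"}}
# Constructed sample alert lines (local-range rule ids, documentation IPs).
SAMPLE = [
    "03/11-13:55:47.101 [**] [1:1000001:1] LOCAL worm propagation attempt [**] [Priority: 2] {UDP} 10.20.30.40:1046 -> 198.51.100.7:1434",
    "03/11-13:56:47.300 [**] [1:1000001:1] LOCAL worm propagation attempt [**] [Priority: 2] {UDP} 10.20.30.40:1047 -> 198.51.100.9:1434",
    "03/11-13:57:02.512 [**] [1:1000002:1] LOCAL ping sweep [**] [Priority: 2] {ICMP} 192.168.7.9 -> 10.20.30.1",
    "03/11-13:58:10.040 [**] [1:1000002:1] LOCAL ping sweep [**] [Priority: 2] {ICMP} 203.0.113.5 -> 10.20.30.1",
]

def triage(line, now, last_seen, inventory=INVENTORY):
    """Return a report dict for an alert from an internal host, else None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None  # log text is untrusted: only a parsed address goes on
    if not any(src in net for net in INTERNAL):
        return None  # only internal sources get looked up
    ip = str(src)
    prev = last_seen.get(ip)
    if prev is not None and now - prev < COOLDOWN:
        return None  # a noisy host fires many alerts; look it up once
    last_seen[ip] = now
    report = {"ip": ip, "sid": m["sid"], "alert": m["msg"]}
    owner = inventory.get(ip)
    if owner:
        report.update(owner, action="report")
    else:
        # Fallback scan as an argv list (no shell); the caller decides to run it.
        report.update(action="scan", argv=["nmap", "-sV", ip])
    return report

if __name__ == "__main__":
    seen = {}
    for t, line in enumerate(SAMPLE):
        print(triage(line, t * 60, seen))
```

The report dict is what the mailing step would format; the scan command is returned rather than executed so the cooldown and the address validation are applied before anything touches the network.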
