It would be nice if I could have specific alerts from our IDS trigger a specific scan against the source.
Just an idea: why not use CVE mappings for that?
Of course you have to make sure that both Nessus and your IDS have comprehensive CVE mappings [1] that correlated a given IDS alert # with a Nessus plugin #.
If you had that, you could do an "IF I see an alert related to CVE name CVE|CAN-XXXX-XXXX directed to host X THEN launch plugin Y to host X AND see if it's really vulnerable to that problem and, IF so, set a higher priority in the alert. If not, lower the priority of the alert (or discard it)"
This is really one of the things CVE is directed towards: http://www.cve.mitre.org/compatible/enterprise.html
Regards
Javier
[1] CVE references in Nessus plugins have been reviewed, from time to time, by different people and they have shared those both the benefit of others :-)
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
