Interfaces with other service and tracking technologies (I assume you mean things like Remedy, Request Tracker, etc) is generally through SMTP, at least for the commercial VA tools. Some will do SNMP traps, most have XML type interfaces, so if you want to do some coding, you can probably make it work.
If you already have the SIEM though, probably the easiest way to accomplish ticketing type stuff is to push things to your SIEM and have whatever mechanism you have in place there (you have something in place there, right?) handle the pushing out to other groups. You already have Qualys too. Are its reporting functions insufficient, or are you using it in a more limited fashion? On 11-02-10 2:44 PM, Josh Little wrote: > We already have a large SIEM implementation in place, so duplicating that > would be a non-starter. I'll keep enVision in the hat for the next time that > a tech refresh comes into play. If it helps, these are the technologies we > are trying to consolidate reporting/tracking for: > > Nessus > Qualys > IBM Appscan > DBProtect > Whitehat Sentinal > Manual Testing > > Thanks, > ZT > > On Thu, Feb 10, 2011 at 2:22 PM, Butturini, Russell < > [email protected]> wrote: > >> This is also something that RSA envision does (It can even conduct the >> assessments for you), but it ain’t cheap J >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Chesmore, Michael >> [DAS] >> *Sent:* Thursday, February 10, 2011 1:19 PM >> *To:* PaulDotCom Security Weekly Mailing List >> *Subject:* Re: [Pauldotcom] Vulnerability Tracking & Management >> >> >> >> I think you are talking about a hybrid SIEM type system. >> >> >> >> We looked at OSSIM (Open Source Security Information Manager)a year or so >> ago. I had pretty good things to say about it on one hand and some >> shortfalls on the other. It is 100% open source, it uses all the standard >> “tools” that we have used in security for years so it takes a default NMAP >> scan or Nessus scan right into the DB. It has an inventory piece and a >> ticketing piece. The challenge is that they want it to be an “all-in-one” >> suite of software. So out of the box it works great, if you install their >> sensors, and their mgmt server it really is slick. For a SMB I would highly >> recommend it. Their support is ok through the forums. In my opinion it is >> not a large enterprise solution unless you are ready to write some “glue” >> scripting to take what you already have in place and format it correctly to >> go into OSSIM. We might still go down this route. If you have the >> scripting skills (and the time) it could be a really viable alternative. >> >> >> >> Mike >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Josh Little >> *Sent:* Thursday, February 10, 2011 1:03 PM >> *To:* [email protected] >> *Subject:* [Pauldotcom] Vulnerability Tracking & Management >> >> >> >> Hey all. I'm looking for a better way to manage items discovered through >> our vulnerability assessments, application reviews, pentests, etc. in a >> centralized manner rather than spreadsheets, manual reports, etc. I'd like >> such a system to consume exported reports from various different commercial >> and open-source scanning technologies as well as manual entries, track the >> state of these, and allow me to export data that would go into our metrics >> initiative. This would need to work with application, database, and system >> vulnerability reports. Not concerned whether it is open source or >> commercial. >> >> >> >> As a bonus it would be great if it could interface with other service and >> issue tracking technologies so that I can push tasks to the appropriate >> teams and have it appear in their native operating tool. >> >> >> >> Anybody know of such a beast? >> >> >> >> ZT >> >> ****************************************************************************** >> This email contains confidential and proprietary information and is not to >> be used or disclosed to anyone other than the named recipient of this email, >> and is to be used only for the intended purpose of this communication. >> ****************************************************************************** >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
