Jaime Blasco Blog


Feb 2009

Ossim: Cross Correlation Rules Updated
Tue, 03 Feb 2009

I've just updated the ossim Cross Correlation rules related to nessus-snort, check the cvs!!
So, the basic rule for Cross Correlation is:
if snort has discovered an attack against an IP, and we know that IP has that vulnerability, the reliability will change to 10.
The relationships between nessus IDs and snort vulnerabilities are stored in the table plugin_reference.
If you want to do some kind of personalization, you have to insert data into this table. Check Personalize Cross Correlation.
When a personalized Cross Correlation matches, the event adds the reliability of the new plugin to the old one.
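
As an added illustration (not OSSIM's code and not part of the original post), this Python sketch models the rule described above: the basic snort-to-nessus match and a personalized match. The plugin ids, sids, IP addresses, the data layout, the cap at 10, and the way the two cases are told apart are all assumptions constructed for the example.

```python
# Simplified model of the cross-correlation rule; not OSSIM source code.
# All ids, IPs and the row layout below are constructed for illustration.
SNORT, NESSUS, CUSTOM = 1001, 3001, 9001   # hypothetical plugin ids
MAX_RELIABILITY = 10                        # assumed upper bound

# Stand-in for plugin_reference:
# (plugin_id, plugin_sid) -> list of (reference_id, reference_sid)
PLUGIN_REFERENCE = {
    (SNORT, 2001): [(NESSUS, 11001)],
    (SNORT, 2002): [(CUSTOM, 7)],
    (SNORT, 2003): [(NESSUS, 11003)],
}
# What is known about each host: set of (reference_id, reference_sid)
HOST_FINDINGS = {
    "192.0.2.10": {(NESSUS, 11001), (CUSTOM, 7)},
    "192.0.2.20": set(),
}
# Reliability of the personalized (non-nessus) reference plugin sids
REFERENCE_RELIABILITY = {(CUSTOM, 7): 3}


def cross_correlate(event):
    """Return the event's reliability after cross correlation."""
    reliability = event["reliability"]
    findings = HOST_FINDINGS.get(event["dst_ip"], set())
    key = (event["plugin_id"], event["plugin_sid"])
    for ref in PLUGIN_REFERENCE.get(key, []):
        if ref not in findings:
            continue  # the target is not known to have this condition
        if ref[0] == NESSUS:
            # basic rule: the attack matches a vulnerability known on the host
            return MAX_RELIABILITY
        # personalized rule: add the reference plugin's reliability to the old one
        bonus = REFERENCE_RELIABILITY.get(ref, 0)
        reliability = min(MAX_RELIABILITY, reliability + bonus)
    return reliability


def make_event(sid, dst_ip, reliability=2):
    """Build a constructed snort event aimed at dst_ip."""
    return {"plugin_id": SNORT, "plugin_sid": sid,
            "dst_ip": dst_ip, "reliability": reliability}
```

An event whose target has no matching finding keeps its original reliability, which is what keeps alerts against non-vulnerable hosts from being escalated.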


posted at: 14:59 | path: /Ossim


