Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Best ROI Combination - Metasploit & Training
From: Arch Angel <arch3angel () gmail com>
Date: Tue, 11 Dec 2012 14:41:23 -0500

I have the list of the Q1 Labs QRadar supported devices, and I see a few
companies I have already been in contact with.  The suggestion about
bundling I did not know about, and will pass that along.  However, I may be
mistaken but global may already have that plan locked up.  Even if it is
just an FYI for me, that's good information to have THANK YOU!

- Robert
(arch3angel)

On Tue, Dec 11, 2012 at 12:26 PM, Ryker Exum <Ryker.Exum () pathmaker-group com
wrote:

 QRadar takes in quite a few vuln scanners as well as pulls in from
several kinds of UTM devices (which may include vuln scanners)****

** **

Here is a list to look through:
http://q1labs.com/products/supported-devices.aspx****

** **

Depending on how you are managing your endpoints and budget you can
potentially bundle Qradar and Tivoli Endpoint Manager. This will let you
scan and patch to save some time. It will take in data from other scanners
as well like nessus.****


http://support.bigfix.com/product/documents/Tivoli_Endpoint_Manager_Administrators_Guide_81.pdf
****

** **

** **

*From:* pauldotcom-bounces () mail pauldotcom com [mailto:
pauldotcom-bounces () mail pauldotcom com] *On Behalf Of *Albert R. Campa
*Sent:* Tuesday, December 11, 2012 8:51 AM
*To:* arch3angel () gmail com; PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] Best ROI Combination - Metasploit & Training**
**

** **

stand alone Nessus does integrate with Qradar.

I really like Nessus as a scanner and also as you say, using audit files.

SANS training like 560 or 542 are both good, offsec training is great as
well.

im interested to know why you dont like Nessus as a vulnerability scanner?
****

** **

On Mon, Dec 10, 2012 at 6:37 PM, Arch Angel <arch3angel () gmail com> wrote:*
***

I would like to thank everyone for the advice and suggestions, it is truly
appreciated and welcomed!

I cannot go into detail as to the company or the status but I can say that
in my region we are looking to build a ground up program and are under
Visa, MasterCard, Discover, and ISO guidelines / requirements.  We
currently have Nessus, which till I walked in had not even been installed.
 As a matter of fact I asked which machine it was on, the reply was "Well
we couldn't get it licensed because it would have required a firewall
change and that's a hassle so we just never installed it".  Needless to say
it is installed and I'm working through the trials and tribulations of red
tape to get it to do more for us than host discovery.  That being said I
absolutely love Nessus but not as a vulnerability scanner.  I like it
automating configuration checks, custom audit files, checking Active
Directory items, etc..  I prefer NexPose for vulnerability and NexPose
seamlessly integrates with Q1 Labs, QRadar SIEM, which I am not sure Nessus
does.  QRadar is coming down the pipe from corporate before too long.

I also prefer to invest in good people rather than tools which, as mention
above, have a tendency to sit in the virtual bookshelf collecting virtual
dust if the people don't know how to use them. This may end up being
answered based on $$$ over the 2013 calendar year.  Unfortunately I was not
part of the 2013 budget plans, so it may end up being nothing till 2014 :-(

For example, I am in the process of building a wireless auditing program
based on Kismet, and off the shelf hardware.  This is actually working
quite well so far during testing!

--

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel****



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com****

** **

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault