Security Basics mailing list archives

Re: Threat prevention and pro-active open source monitoring


From: miguel.dilaj () pharma novartis com
Date: Mon, 7 Feb 2005 17:40:14 +0000

Hi Chris,

I'm not aware of any automated tool, if this is what you want. (I'm not 
saying that there are no tools, just that I don't know of any).
Regarding manual checking, Google does wonders on both the web and usenet 
groups.
I'm not aware of any tool to monitor IRC, and I think that this can be 
tricky if:
a) no logs of every single bit of conversation (including private 
conversation) are kept, which I don't think will happen due to both privacy 
issues and storage space
b) no online monitoring of conversations (including private conversations) 
is done, which I don't think will happen due to both privacy issues and 
network-monitoring-computing-power

With a little effort, I think that a series of scripts to query Google can 
be written in your preferred language.
In any case, at the end a human assessment must take place. Casual 
combinations of words DO happen ;-)
Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG
www.oissg.org






Chris Naegelin <naegelin () gmail com>
04/02/2005 18:59
Please respond to chris

 
        To:     security-basics () securityfocus com
        cc:     (bcc: Miguel Dilaj/PH/Novartis)
        Subject:        Threat prevention and pro-active open source monitoring


Can anyone point me in the right direction for any software products or 
vendors that might do this sort of thing:

We want an intelligent agent or a group of agents to search and archive 
various parts of the web / chat rooms / usenet groups based on specific 
content which could be threatening to an organization. To be more precise: 

A discussion initiates on a newsgroup about a possible vulnerability in 
our software product or website. The agent happens to monitor this 
newsgroup and detects the conversation as a potential threat and thus 
creates a report. 

I've seen this sort of thing being called "open source monitoring" and it 
may even fall under "brand protection"; however, if anyone can provide 
additional information as to what products may help us accomplish this or 
if any security vendors exist which already do this I'd appreciate it!

Regards,
Chris
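
Added example, not part of the original thread: a sketch of the kind of script the reply suggests, run over constructed newsgroup posts instead of live search queries. The product names, word lists and 12-token window are assumptions; it flags posts where a product name and a vulnerability word appear close together and leaves the final judgment to a human reader.

```python
import re
from collections import namedtuple

# Constructed watch lists (assumptions, not from the thread).
ASSET_TERMS = {"acmeportal", "acme-ftpd"}            # hypothetical product names
THREAT_TERMS = {"vulnerability", "exploit", "overflow", "bypass", "injection"}
WINDOW = 12  # max token distance between an asset term and a threat term

# Constructed posts standing in for archived newsgroup messages.
SAMPLE_POSTS = [
    ("comp.security.misc", "<1@example.invalid>",
     "Has anyone looked at acme-ftpd 2.1? I think there is an overflow in the login code."),
    ("rec.travel", "<2@example.invalid>",
     "Booking with AcmePortal let us bypass the queue at the airport."),
    ("rec.travel", "<3@example.invalid>",
     "We used AcmePortal last year. " + "Lovely trip overall. " * 5 + "No way to bypass customs."),
    ("comp.lang.c", "<4@example.invalid>",
     "How do I avoid a buffer overflow when reading a line with fgets?"),
]

Hit = namedtuple("Hit", "group msg_id asset threat distance excerpt")

def tokenize(text):
    # Lowercase words; keep inner hyphens so "acme-ftpd" stays one token.
    return re.findall(r"[a-z0-9][a-z0-9\-]*", text.lower())

def scan_post(group, msg_id, body):
    """Return the closest asset/threat pair within WINDOW tokens, else None."""
    tokens = tokenize(body)
    assets = [(i, t) for i, t in enumerate(tokens) if t in ASSET_TERMS]
    threats = [(i, t) for i, t in enumerate(tokens) if t in THREAT_TERMS]
    pairs = [(abs(a - b), a, b, at, tt) for a, at in assets for b, tt in threats]
    pairs = [p for p in pairs if p[0] <= WINDOW]
    if not pairs:
        return None
    dist, a, b, at, tt = min(pairs)
    lo, hi = max(0, min(a, b) - 3), max(a, b) + 4
    return Hit(group, msg_id, at, tt, dist, " ".join(tokens[lo:hi]))

def build_report(posts):
    """Candidate hits, closest match first; each one still needs a human read."""
    hits = [h for h in (scan_post(*p) for p in posts) if h]
    return sorted(hits, key=lambda h: h.distance)

if __name__ == "__main__":
    for h in build_report(SAMPLE_POSTS):
        print(f"[REVIEW] {h.group} {h.msg_id} {h.asset}~{h.threat} d={h.distance}: {h.excerpt}")
```

On the constructed posts the travel message ranks above the real vulnerability discussion, which is the coincidental word combination the reply warns about and the reason the output is a review queue, not a verdict.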



