IDS mailing list archives
Re: which IDS
From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Thu, 14 Nov 2002 21:42:56 +0100
On Thu, 14 Nov 2002 08:44:49 -0200 Adriano Ribeiro <r00t () o2 net br> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You could catch the Prelude, in: http://www.prelude-ids.org, it's compatible with snort rules, but, uses other engine for intrusion detection, You will go to like, some information more: 1 - Is a distributed. 2 - Is a network and host IDS 3 - Compatible with CIDF.
Being involved in Prelude development, I must correct last statement: Prelude is _not_ compatible with CIDF. I think you wanted say IDMEF :-) And it actually uses IDMEF for all the alert processing (more precisely, we use internally a binary representation of IDMEF data model, which can be of course exported to XML). -- // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl // Prelude IDS: http://www.prelude-ids.org/ // A dream will always triumph over reality, once it is given the chance. // -- Stanislaw Lem
Current thread:
- which IDS Jill Tovey (Nov 12)
- Re: which IDS Adriano Ribeiro (Nov 14)
- Re: which IDS Krzysztof Zaraska (Nov 14)
- RE: which IDS Khaled (Nov 14)
- Re: which IDS Martin Roesch (Nov 14)
- RE: which IDS Chris Petersen (Nov 15)
- <Possible follow-ups>
- Re: which IDS Vern Paxson (Nov 17)
- Re: which IDS Adriano Ribeiro (Nov 14)