IDS mailing list archives
IDScenter 1.1 rc1 released
From: Kistler Ueli <iuk () gmx ch>
Date: 4 Feb 2003 23:44:17 -0000
Hello,

IDScenter 1.1 RC1 is finally out! Check www.packx.net for more information.

What's new (short overview)?
The rule editor, the ruleset management, the autoblock system and plugins (extract IP, TCP, UDP and ICMP which can be blocked with the sample plugin BlackICEv2.dll), bug fixes, support for -w option, corrected Stream4 option... and much more... see the changelog when you have downloaded the file ;)

NOTE: I've released a 99% preconfigured IDS environment based on Snort and IDScenter. It uses Apache, MySQL, PHP, ACID (with jpgraph and adodb library preinstalled for PHP) and a little configuration tool (EagleXconfig). I will send out a separate announcement.

What is IDScenter?
==================

IDScenter is a configuration and management tool for Snort IDS on Windows platforms.

Download: www.packx.net

Features
========

* Snort 1.9 / 1.8 / 1.7 support
  o easy access to all settings
  o Interface listing using WinPCAP
* Snort service mode support
  o IDScenter takes over control of the Snort service
* Snort configuration wizard
  o Variables
  o Preprocessor plugins
  o Output plugins
  o Rulesets
* Ruleset editor: supports all Snort 1.9.1 rule options
  o Easily modify your rules
  o Import rules from files or websites into existing rulesets
* AutoBlock plugins: write your own plugins (DLL) for your firewall
  o ISS NetworkICE BlackICE Defender plugin included (possibility to block IPs, TCP and UDP ports, set block duration)
  o Delphi framework included for fast writing of new plugins for other firewalls
  o Prevents problems in plugins from propagating to IDScenter
* Alert notification via e-mail, alarm sound or only visual notification
  o Possibility to send the last # lines of your Snort log
  o Notification of attack is also possible with Snort logging to MySQL
  o Add attachments (e.g. the current process list generated by another program)
* Test configuration feature: fast testing of your IDS configuration (Snort rule syntax checking etc.)
* Monitoring:
  o Alert file monitoring (up to 10 files)
  o MySQL alert detection: allows centralized monitoring of all Snort sensors (e.g. if you have a Notebook with WLAN adapter you can be alerted wherever you are)
* Log rotation (compressed archiving of log files)
  o Set log rotation period (day, week, month, interval)
  o Organisation of backup logs
* Integrated log viewer
  o Log file viewer
  o XML log file viewer
  o HTML/website viewer (support for ACID, SnortSnarf, etc.)
* Program execution possible if an attack was detected
* .. and more!

Regards,
Eclipse
eclipse () packx net