Snort mailing list archives
ANNOUNCEMENT: IDScenter 1.1 RC3 released on www.engagesecurity.com
From: Ueli Kistler <iuk () gmx ch>
Date: Mon, 16 Jun 2003 14:14:12 +0200
Hello,

I'm glad to announce the release of IDScenter 1.1 RC3 and the new website http://www.engagesecurity.com. Note that www.packx.net is not updated anymore.

Product page: http://www.engagesecurity.com/products/idscenter
Download: http://www.engagesecurity.com/downloads

Description: IDScenter is a front-end for Snort intrusion detection systems (www.snort.org)
Platform: Windows 9x/Me/NT/2K/XP
Version: 1.1 RC3
Author: U. Kistler

Features:

* Snort 2.0, 1.9, 1.8 and 1.7 support
  o easy access to all settings
  o Interface listing using WinPCAP
  o inline configuration support (options in configuration file instead of command-line parameters, if available)
* Snort service mode support
  o IDScenter takes over control of the Snort service
* Snort configuration wizard
  o Variables
  o Preprocessor plugins
  o Output plugins (Syslog output plugin configuration for Snort 2.x and Snort 1.9.x supported!)
  o Rulesets
* Online updates of IDS rules: IDScenter integrates an HTTP client and starts an update script on demand
  o Full configuration frontend for Andreas Östling's Oinkmaster Perl script
  o custom interval for update checks
* Ruleset editor: supports all Snort 2.0 rule options
  o Easily modify your rules
  o Sort rules based on source IP, port, etc.
  o Import rules from files or websites into existing rulesets
* HTML report from SQL backend
  o IDScenter can generate HTML output from your SQL database
  o Custom HTML template
  o Decoding of TCP Flags and more, Hex/Base 64 payload decoding, multi-threaded DNS resolving possibility
* Alert notification via e-mail, alarm sound or only visual notification
  o Threaded e-mail sending with custom send interval
  o SQL queries can be included in an AlertMail message, which are processed on demand (see above)
  o Possibility to send the last # lines of your Snort log
  o Notification of attack is also possible with Snort logging to MySQL
  o Add attachments (e.g. the current process list generated by another program)
* AutoBlock plugins: write your own plugins (DLL) for your firewall
  o ISS NetworkICE BlackICE Defender plugin included (possibility to block IPs, TCP and UDP ports, ICMP packets, set block duration)
  o Delphi framework included for fast writing new plugins for other firewalls
  o Test configuration feature: fast testing of your IDS configuration (Snort rule syntax checking etc.)
* Monitoring:
  o Alert file monitoring (up to 10 files)
  o MySQL alert detection: allows centralized monitoring of all Snort sensors
* Log rotation (compressed archiving of log files)
  o Backup your logfiles automatically, set log rotation period (day, week, month, interval)
* Global event logging
  o Log events such as AlertMail sending, Log rotation, Online updates, etc.
* Integrated log viewer
  o Log file viewer
  o XML log file viewer
  o HTML/website viewer (support for ACID, SnortSnarf, HTML output generated using IDScenter's report template page etc.)
  o CVE search and WHOIS lookups
* Program execution possible if an attack was detected

Requirements:

* Snort 2.x (recommended)
* WinPCAP 2.3 or higher

Regards,
Ueli Kistler
u.kistler () engagesecurity com
www.engagesecurity.com