Snort mailing list archives

Security Event Management for Linux


From: "Josh Berry" <josh.berry () netschematics com>
Date: Mon, 26 Jan 2004 10:43:10 -0600 (CST)

I am currently working on a project (pending at SourceForge) for
developing a web-based framework for Security Information Management and
Correlation.  The system will run on Linux and is called Secure React
(Reporter for Event Analysis Correlation and Tracking).  I need all the
help I can get, as the system is intended to be a centralized portal for
systems such as IDS, IPS, VA, Web Monitoring, etc. (think something like
A.C.I.D. for all of these systems).  Right now I am mutilating the ACID
code to extend it for the capabilities I need, and looking at Nessus' DB
format, Vigilante's DB format and SurfControl's DB format.

I would like to be able to search all of these systems from one console,
and generate reports, etc.

I am new to PHP/MySQL development and would appreciate help from anyone
willing to lend it.

Other capabilities that I want to add:
   1)  Correlation/Trend Creation for IPs and DNS names
   2)  Capability of marking false-positives within all the modules of the system
   3)  Capability of assigning resources to valid security events and creating incident response tickets
   4)  Capability of being able to easily add new modules to the system (similar to how Squirrelmail works)

Please respond if you are interested.

