Snort mailing list archives
Security Event Management for Linux
From: "Josh Berry" <josh.berry () netschematics com>
Date: Mon, 26 Jan 2004 10:43:10 -0600 (CST)
I am currently working on a project (pending at SourceForge) for developing a web-based framework for Security Information Management and Correlation. The system will run on Linux and is called Secure React (Reporter for Event Analysis Correlation and Tracking).

I need all the help I can get as the system is intended to be a centralized portal for systems such as IDS, IPS, VA, Web Monitoring, etc. (Think something like A.C.I.D. for all of these systems). Right now I am mutilating the ACID code to extend it for the capabilities I need, and looking at Nessus' DB format, Vigilante's DB format and SurfControl's DB format. I would like to be able to search all of these systems from one console, and generate reports, etc. I am new to PHP/MySQL development and would appreciate help from anyone willing to lend it.

Other capabilities that I want to add:

1) Correlation/Trend Creation for IPs and DNS names
2) Capability of marking false-positives within all the modules of the system
3) Capability of assigning resources to valid security events and creating incident response tickets
4) Capability of being able to easily add new modules to the system (similar to how Squirrelmail works)

Please respond if you are interested.