IDS mailing list archives

Tool Announce : SIDTk 1.0 (SécurIT Intrusion Detection Toolkit)


From: "SecurIT Informatique Inc." <securit () iquebec com>
Date: Mon, 03 Nov 2003 04:48:44 -0500

Hello all.

This is to announce the first release of the SécurIT Intrusion Detection Toolkit, also known as SIDTk 1.0, which is completely Open Source and available for download at http://securit.iquebec.com .

The SIDTk 1.0 is a collection of command-line tools aimed at improving host-based intrusion detection conditions on Windows desktops and servers. Some of these tools were originally shipped with LogAgent 4.0, some others are natural evolutions of pieces of code introduced with LogAgent 4.0 and LogIDS 1.0 Pro, while the others are based on a variation of the same principle. It is easy to create new modules based on the same model, and the code is completely Open Source.

The SIDTk 1.0 contains:

- ADSScan 1.0 : An Alternate Data Streams scanner
- IntegCheck 1.1 : A filesystem integrity checker (i.e. a Tripwire clone)
- LogUser 1.0 : A module to detect invalid user accounts
- LogShares 1.0 : A module to detect non-allowed shares on the machine
- LogServices 1.0 : A module to detect non-allowed services
- LogStartup 1.0 : A module to detect suspicious items inserted for automatic startup
- LogProc 1.0 : A module to detect rogue processes running in memory

When launched regularly, these modules can help in finding various facets of an intrusion, and help you to write out false positives and negatives when combined with other intrusion detection utilities, like Snort and LogAgent 5.0.

These modules can be undertaken automatically when used with a registered copy of LogAgent 5.0.

Adam Richard
SécurIT Informatique Inc.
http://securit.iquebec.com/
