IDS mailing list archives
Open source VA-IDS correlation daemon QuIDScor v1.2 released!
From: Laurent Demailly <ldemailly () qualys com>
Date: Fri, 10 Oct 2003 11:51:49 -0700
Hello everybody,

I'm pleased to announce that we made major improvements to our BSD licensed correlation daemon QuIDScor. The new 1.2 release included a much smarter and faster correlation engine, now using more information from the Vulnerability Assessment data source as well as from the IDS (Snort).

Some of the changes include:

- Classification of alerts into three categories: Validated, Unknown, and Invalidated
- Correlate using information about services and applications
- User-defined mapping file for ID, service and application mappings.
- Performance enhancements, including:
  - Offline processing of Snort-fastlogs
  - Reprocessing of QuIDScor-logs
  - Separate processes for correlation and communication to VA

All the details, download link, etc... are on: http://quidscor.sourceforge.net/

Enjoy

Laurent

(As I don't want this to be seen as an infomercial, I don't mention which VA system QuIDScor works with but I let you guess from my email :-) It could be extended to work with more IDSs (it has a pluggable architecture to support already several IDS alert sources (live snort sockets, log files, ...) and possibly more VA systems)