IDS mailing list archives

Open source VA-IDS correlation daemon QuIDScor v1.2 released!


From: Laurent Demailly <ldemailly () qualys com>
Date: Fri, 10 Oct 2003 11:51:49 -0700

Hello everybody,

I'm pleased to announce that we made major improvements to
our BSD licensed correlation daemon QuIDScor. The new 1.2
release includes a much smarter and faster correlation engine,
now using more information from the Vulnerability Assessment
data source as well as from the IDS (Snort).

Some of the changes include:

- Classification of alerts into three categories: Validated, Unknown,
  and Invalidated
- Correlate using information about services and applications
- User-defined mapping file for ID, service and application mappings.
- Performance enhancements, including:
  - Offline processing of Snort-fastlogs
  - Reprocessing of QuIDScor-logs
  - Separate processes for correlation and communication to VA

All the details, download link, etc. are on:
http://quidscor.sourceforge.net/

Enjoy
Laurent

(As I don't want this to be seen as an infomercial, I don't
mention which VA system QuIDScor works with but I let
you guess from my email :-) It could be extended to work with
more IDSs (it has a pluggable architecture to support already
several IDS alert sources (live snort sockets, log files, ...)
and possibly more VA systems)

