Snort mailing list archives

ANNOUNCEMENT: IDScenter 1.1 RC3 released on www.engagesecurity.com


From: Ueli Kistler <iuk () gmx ch>
Date: Mon, 16 Jun 2003 14:14:12 +0200

Hello

I'm glad to announce the release of IDScenter 1.1 RC3 and the new
website http://www.engagesecurity.com.
Note that www.packx.net is not updated anymore.

Product page: http://www.engagesecurity.com/products/idscenter
Download: http://www.engagesecurity.com/downloads

Description: IDScenter is a front-end for Snort intrusion detection systems (www.snort.org)

Platform: Windows 9x/Me/NT/2K/XP
Version: 1.1 RC3

Author: U. Kistler

Features:

   * Snort 2.0, 1.9, 1.8 and 1.7 support
     o easy access to all settings
     o Interface listing using WinPCAP
     o inline configuration support (options in configuration file
     instead of command-line parameters, if available)
   * Snort service mode support
     o IDScenter takes over control of the Snort service
   * Snort configuration wizard
     o Variables
     o Preprocessor plugins
     o Output plugins (Syslog output plugin configuration for Snort 2.x
     and Snort 1.9.x supported!)
     o Rulesets
   * Online updates of IDS rules: IDScenter integrates an HTTP client
     and starts an update script on demand
     o Full configuration frontend for Andreas Östling's Oinkmaster Perl
     script
     o custom interval for update checks
   * Ruleset editor: supports all Snort 2.0 rule options
     o Easily modify your rules
     o Sort rules based on source IP, port, etc.
     o Import rules from files or websites into existing rulesets
   * HTML report from SQL backend
     o IDScenter can generate HTML output from your SQL database
     o Custom HTML template
     o Decoding of TCP Flags and more, Hex/Base 64 payload decoding,
     multi-threaded DNS resolving possibility
   * Alert notification via e-mail, alarm sound or only visual notification
     o Threaded e-mail sending with custom send interval
     o SQL queries can be included in an AlertMail message, which are
     processed on demand (see above)
     o Possibility to send the last # lines of your Snort log
     o Notification of attack is also possible with Snort logging to MySQL
     o Add attachments (e.g. the current process list generated by
     another program)
   * AutoBlock plugins: write your own plugins (DLL) for your firewall
     o ISS NetworkICE BlackICE Defender plugin included (possibility to
     block IPs, TCP and UDP ports, ICMP packets, set block duration)
     o Delphi framework included for fast writing new plugins for other
     firewalls
     o Test configuration feature: fast testing of your IDS
     configuration (Snort rule syntax checking etc.)
   * Monitoring:
     o Alert file monitoring (up to 10 files)
     o MySQL alert detection: allows centralized monitoring of all
     Snort sensors
   * Log rotation (compressed archiving of log files)
     o Backup your logfiles automatically, set log rotation period
     (day, week, month, interval)
   * Global event logging
     o Log events such as AlertMail sending, Log rotation, Online updates,
     etc.
   * Integrated log viewer
     o Log file viewer
     o XML log file viewer
     o HTML/website viewer (support for ACID, SnortSnarf, HTML output
     generated using IDScenter's report template page etc.)
     o CVE search and WHOIS lookups
   * Program execution possible if an attack was detected

Requirements:

   * Snort 2.x (recommended)
   * WinPCAP 2.3 or higher

Regards,
   Ueli Kistler
   u.kistler () engagesecurity com
   www.engagesecurity.com
