Prelude 0.9 Sensor for ARGUS
Olaf Gellert
og at pre-secure.de
Fri Sep 30 03:40:24 EDT 2005
Hi all,
I have done a complete rewrite of my sensor "raprelude"
which logs argus records to a prelude manager.
The sensor generates IDMEF (Intrusion Detection Message
Exchange Format) alerts containing most of the information
of an ArgusRecord (right now ARP and RARP-records are
skipped) and sends these to a prelude manager. Right now it
has a set of rules (a little bit like Snort or firewall
rules) that match ports, addresses, etc. and provide a
classification and a severity level for the record.
We use the sensor to visualize the difference between
what our IDS has seen (packets which matched an attack
signature) and what other (especially unwanted) traffic
existed.
It's on: http://www.intrusion-lab.net/raprelude/
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert, Senior Researcher
PRESECURE (R) Consulting GmbH
Phone: (+49) 0700 / PRESECURE
og at pre-secure.de
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
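To make the rule-to-IDMEF step concrete, here is an added example (not raprelude's own code) that applies Snort/firewall-style rules to constructed Argus-like flow records and serializes each as a reduced RFC 4765 IDMEF alert; the record fields, rule format, analyzer id and timestamp placeholder are assumptions of this example.

```python
"""Rule-based flow-to-IDMEF conversion in the spirit of the raprelude sensor.
Added example, not raprelude's code: record fields, rule format, analyzer
id and the reduced IDMEF layout are assumptions of this example."""
import xml.etree.ElementTree as ET

# Constructed records, roughly the fields `ra` prints per flow.
RECORDS = [
    {"proto": "tcp", "saddr": "192.0.2.10", "sport": 51234, "daddr": "198.51.100.5", "dport": 22},
    {"proto": "tcp", "saddr": "192.0.2.11", "sport": 51235, "daddr": "198.51.100.5", "dport": 80},
    {"proto": "udp", "saddr": "192.0.2.12", "sport": 1234, "daddr": "198.51.100.9", "dport": 31337},
    {"proto": "arp", "saddr": "192.0.2.13", "sport": 0, "daddr": "192.0.2.1", "dport": 0},
]

# Snort/firewall-style rules: field constraints, classification text, IDMEF severity.
RULES = [
    ({"proto": "tcp", "dport": 22}, "SSH flow to monitored host", "medium"),
    ({"proto": "udp", "dport": 31337}, "UDP flow to unexpected high port", "high"),
]
DEFAULT = ("Unclassified flow", "low")

def classify(rec):
    """First matching rule wins, like an ordered firewall rule set."""
    for match, text, severity in RULES:
        if all(rec.get(k) == v for k, v in match.items()):
            return text, severity
    return DEFAULT

def to_idmef(rec, msgid):
    """Serialize one record as an IDMEF 1.0 Alert (RFC 4765 element names and order)."""
    text, severity = classify(rec)
    msg = ET.Element("IDMEF-Message", xmlns="http://iana.org/idmef", version="1.0")
    alert = ET.SubElement(msg, "Alert", messageid=msgid)
    ET.SubElement(alert, "Analyzer", analyzerid="raprelude-example")  # assumed analyzer id
    # Placeholder time; a real sensor would use the record's start time.
    ET.SubElement(alert, "CreateTime", ntpstamp="0x00000000.0x00000000").text = "1970-01-01T00:00:00Z"
    for tag, addr, port in (("Source", "saddr", "sport"), ("Target", "daddr", "dport")):
        side = ET.SubElement(alert, tag)
        node = ET.SubElement(ET.SubElement(side, "Node"), "Address", category="ipv4-addr")
        ET.SubElement(node, "address").text = rec[addr]
        svc = ET.SubElement(side, "Service")
        ET.SubElement(svc, "port").text = str(rec[port])
        ET.SubElement(svc, "protocol").text = rec["proto"]
    ET.SubElement(alert, "Classification", text=text)
    ET.SubElement(ET.SubElement(alert, "Assessment"), "Impact", severity=severity)
    return ET.tostring(msg, encoding="unicode")

def convert(records):
    """Return IDMEF strings for all non-ARP records (ARP/RARP skipped, as in raprelude)."""
    return [to_idmef(r, f"example-{i}") for i, r in enumerate(records)
            if r["proto"] not in ("arp", "rarp")]
```

Rule order matters: the first matching constraint set decides classification and severity, so put specific rules before broad ones.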