ArgusEye - new version
Philipp E. Letschert
phil at uni-koblenz.de
Mon Nov 20 03:46:31 EST 2006
Hi,
there is a new version of ArgusEye to play with:
Download: http://www.uni-koblenz.de/~phil/arguseye/arguseye-0.0.2.tgz
Changelog: http://www.uni-koblenz.de/~phil/arguseye/Changelog
As said by Carter, ArgusEye should have a main target being developed for. I
will try to define one:
The GUI should help in doing (security) forensics on recorded flows. This means
development of features that help in finding the needle in a haystack, and doing
further research on it, e.g. generating tcpdump filter expressions on selected
flows, as suggested by Russel Fulton. Security Policy validation may be a topic
as well. As a byproduct, features to generate statistics and/or visualizations of
flows may be useful.
Another feature nice to have, would be copy and paste of flows into new argus
files, to share them (after some anonymization) with other users.
Once there is some stable code (suggested by CS Lee), the target could be
extended to network operations, such as trouble detection or inventory
assessment. (it could be the other way round, but my interest is mainly in
security...)
A next step would then be management of argi (Carter, you really need 100's???)
via the GUI and doing real-time monitoring, having thresholds and automatic
notifications. But as I can predict by now, it'll need some time before
getting there.
Since I'm not an outstanding expert (TM) in any of the above topics, it is
always good to hear what YOU are using Argus for, and where a GUI could be of
help. Thanks for all the feedback already received!
Cheers,
Philipp
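One way to implement the "tcpdump filter from selected flows" feature mentioned above, as an added example that is not part of ArgusEye or this post. The Flow record and its field names are assumptions; the generated expression matches both directions of the flow so the full conversation can be pulled from a pcap.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    """Hypothetical flow tuple, as a forensics GUI might hold one selected row."""
    proto: str            # "tcp", "udp", "icmp", "icmp6" or a numeric IP protocol
    saddr: str
    sport: Optional[int]
    daddr: str
    dport: Optional[int]

def _endpoint(addr: ipaddress._BaseAddress, port: Optional[int], direction: str) -> str:
    """Build 'src host A and src port p' (or 'dst ...'), validating the port."""
    expr = f"{direction} host {addr}"
    if port is not None:
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        expr += f" and {direction} port {port}"
    return expr

def flow_to_bpf(flow: Flow) -> str:
    """Return a BPF/tcpdump filter that captures both directions of one flow."""
    src = ipaddress.ip_address(flow.saddr)   # raises ValueError on garbage input
    dst = ipaddress.ip_address(flow.daddr)
    if src.version != dst.version:
        raise ValueError("mixed IPv4/IPv6 endpoints in one flow")
    proto = flow.proto.lower()
    if proto in ("tcp", "udp"):
        fwd = f"{_endpoint(src, flow.sport, 'src')} and {_endpoint(dst, flow.dport, 'dst')}"
        rev = f"{_endpoint(dst, flow.dport, 'src')} and {_endpoint(src, flow.sport, 'dst')}"
        return f"{proto} and (({fwd}) or ({rev}))"
    if proto in ("icmp", "icmp6"):
        return f"{proto} and host {src} and host {dst}"
    if proto.isdigit():
        layer = "ip" if src.version == 4 else "ip6"
        return f"{layer} proto {int(proto)} and host {src} and host {dst}"
    raise ValueError(f"unsupported protocol: {flow.proto}")

def flows_to_bpf(flows) -> str:
    """OR together the filters of several selected flows."""
    return " or ".join(f"({flow_to_bpf(f)})" for f in flows)

if __name__ == "__main__":
    # Constructed sample flows (documentation-range addresses), not real data.
    sel = [Flow("tcp", "192.0.2.10", 51234, "198.51.100.5", 443),
           Flow("icmp", "192.0.2.10", None, "198.51.100.5", None)]
    print(flows_to_bpf(sel))
```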