17 projects tagged "IDS"

No download Website Updated 28 May 2014 SELKS

Screenshot
Pop 29.14
Vit 1.00

SELKS is a Debian-based IDS/IPS platform with LXDE. It is comprised of the following major components: Suricata IDPS, Elasticsearch, Logstash, Kibana, and Scirius. It is both a live and installable ISO, and is ready to use out of the box.

Download Website Updated 21 May 2014 Scirius

Screenshot
Pop 68.65
Vit 1.61

Scirius is a Web interface dedicated to Suricata IDS/IPS ruleset management. It handles the rules file and updates associated files.

No download Website Updated 02 Oct 2013 Cyberprobe

Screenshot
Pop 74.88
Vit 2.52

Cyberprobe is a distributed architecture for real-time monitoring of networks against attack. The software consists of two components: cyberprobe, which collects data packets and forwards it over a network in standard streaming protocols; and cybermon, which receives the streamed packets, decodes the protocols, and interprets the information. Cyberprobe can optionally be configured to receive alerts from Snort. In this configuration, when an alert is received, the IP source address associated with the alert is dynamically targeted for a period of time. Collecting data and forwarding over the network to a central collection point allows for a much more "industrialized" approach to intrusion detection. The monitor, cybermon, is highly configurable using LUA, allowing you to do a great many things with captured data: summarize, hexdump, store, and respond with packet injections.

Download No website Updated 26 Mar 2013 ThreadFix

Screenshot
Pop 37.71
Vit 1.05

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. It imports the results from dynamic, static, and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto-generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts.

No download No website Updated 15 Apr 2013 Nova: Network Anti-Reconnaissance Tool

Screenshot
Pop 91.50
Vit 1.94

Nova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.

Download No website Updated 19 Aug 2013 LoginIDS

Screenshot
Pop 35.54
Vit 25.82

LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.

No download Website Updated 06 Jul 2012 redBorder IPS

Screenshot
Pop 25.38
Vit 26.30

redBorder IPS is a high performance intrusion prevention system based on Snort running on top of a clustered pf_ring with specific enhancements. A Web management interface is provided to control a large number of such devices, including snort and device configuration, rule management, SNMP monitoring, user roles, and multi-domain support.

Download No website Updated 05 Mar 2012 StopHack

Screenshot
Pop 41.67
Vit 28.62

StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.

Download No website Updated 24 Jan 2012 Hawk IDS/IPS

Screenshot
Pop 22.18
Vit 29.27

Hawk IDS/IPS is a lightweight log analyzer which was designed to be fast and efficient. It scans log files on the fly and bans IPs which make too many password failures. It adds iptables rules to reject the IP addresses. You can define the logfiles. Hawk provides a unique Web interface and flexibility, and supports sshd, dovecot, courier, pure-ftpd, proftpd, cPanel, and DirectAdmin.

Download No website Updated 11 Nov 2011 WormTrack

Screenshot
Pop 31.24
Vit 1.00

WormTrack is a network IDS that allows detection of scanning worms on a LAN by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without having privileged access on a switch to set up a dedicated monitor port. It does not require constant updating of the rules engine to address new threats.

Screenshot

Project Spotlight

QtIPy

A GUI-based automator for IPython notebooks.

Screenshot

Project Spotlight

Le Biniou

Displays images that evolve with sound.