Cyberprobe is a distributed architecture for real-time monitoring of networks against attack. The software consists of two components: cyberprobe, which collects data packets and forwards it over a network in standard streaming protocols; and cybermon, which receives the streamed packets, decodes the protocols, and interprets the information. Cyberprobe can optionally be configured to receive alerts from Snort. In this configuration, when an alert is received, the IP source address associated with the alert is dynamically targeted for a period of time. Collecting data and forwarding over the network to a central collection point allows for a much more "industrialized" approach to intrusion detection. The monitor, cybermon, is highly configurable using LUA, allowing you to do a great many things with captured data: summarize, hexdump, store, and respond with packet injections.
Hawk IDS/IPS is a lightweight log analyzer which was designed to be fast and efficient. It scans log files on the fly and bans IPs which make too many password failures. It adds iptables rules to reject the IP addresses. You can define the logfiles. Hawk provides a unique Web interface and flexibility, and supports sshd, dovecot, courier, pure-ftpd, proftpd, cPanel, and DirectAdmin.
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. That can mean many things, but the only scenario in which LibHTP has been tested so far is the one when you need to parse a duplex HTTP stream that you have obtained by passively intercepting HTTP traffic. Just feed the raw TCP stream to LibHTP and it will do the rest.
LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.
NSIA (Network System Integrity Analysis) is a Web application monitoring system that scans sites for potentially unwanted context such as defacements, unauthorized changes, errors, information leaks, profanity, and compliance issues. It operates as an IDS (Intrusion Detection System) for Web sites.
Nova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.
The Realeyes IDS captures and analyzes full sessions. When an incident is reported, the graphical user interface will display both halves of the session to determine what occurred. The GUI also provides management of application users, sensors, and a database. Realeyes is a replacement for the RenaissanceCore software.
The Securepoint Unified Threat Management (UTM) security solutions provide all important security applications (firewall, VPN gateway, virus scanner, spam filter, Web filter, IDS, etc.) within a corresponding server environment, to ensure smooth updates of all systems and to make the everyday usage of these systems successful and secure for companies. They are available as UTM hardware appliances, as virtual appliances, and as a pure software solution which can be installed on standard computer systems and may be adjusted according to individual requirements. Securepoint is Windows 7-ready and supports IKEv1 and IKEv2.