Open source VA-IDS correlation daemon QuIDScor v1.2 released!

From: Laurent Demailly (ldemailly_at_qualys.com)
Date: 10/10/03

    Date: Fri, 10 Oct 2003 11:51:49 -0700
    To: focus-ids@securityfocus.com
    
    

      Hello everybody,

    I'm pleased to announce that we made major improvements to
    our BSD licensed correlation daemon QuIDScor. The new 1.2
    release includes a much smarter and faster correlation engine,
    now using more information from the Vulnerability Assessment
    data source as well as from the IDS (Snort).

    Some of the changes include:

    - Classification of alerts into three categories: Validated, Unknown,
       and Invalidated
    - Correlate using information about services and applications
    - User-defined mapping file for ID, service and application mappings.
    - Performance enhancements, including:
       - Offline processing of Snort-fastlogs
       - Reprocessing of QuIDScor-logs
       - Separate processes for correlation and communication to VA

    All the details, download link, etc. are at:
    http://quidscor.sourceforge.net/

    Enjoy
    Laurent

    (As I don't want this to be seen as an infomercial, I don't
    mention which VA system QuIDScor works with, but I'll let
    you guess from my email :-) It could be extended to work with
    more IDSs (it already has a pluggable architecture supporting
    several IDS alert sources: live Snort sockets, log files, ...)
    and possibly more VA systems.)
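
The kind of VA-IDS correlation the announcement describes, as an added Python sketch that is not QuIDScor code and not part of the original message. The log lines, the SID mapping, the VA host data and the exact rules for the three categories are constructed assumptions, not QuIDScor's documented behaviour.

```python
import re

# Constructed Snort "fast" alert lines (documentation IP ranges, made-up SIDs).
FAST_LOG = """\
10/10-11:51:49.120000  [**] [1:1000001:1] EXAMPLE web exploit attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.7:3312 -> 198.51.100.10:80
10/10-11:52:03.450000  [**] [1:1000001:1] EXAMPLE web exploit attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.7:3313 -> 198.51.100.11:80
10/10-11:52:40.900000  [**] [1:1000001:1] EXAMPLE web exploit attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.7:3314 -> 198.51.100.12:80
10/10-11:53:10.010000  [**] [1:1000099:1] EXAMPLE unmapped rule [**] [Priority: 3] {TCP} 192.0.2.7:3315 -> 198.51.100.10:22
"""

# Hypothetical user-defined mapping: IDS rule ID -> VA finding ID and service.
SID_MAP = {1000001: {"vuln": "VA-0001", "service": "http"}}

# Constructed VA scan results: services seen and findings confirmed per host.
VA_HOSTS = {
    "198.51.100.10": {"services": {"http", "ssh"}, "vulns": {"VA-0001"}},
    "198.51.100.11": {"services": {"ssh"}, "vulns": set()},
}

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] .*? \[\*\*\]"
    r".*?\{\w+\} [\d.]+(?::\d+)? -> (?P<dst>[\d.]+)")

def classify(sid, dst):
    """Return Validated, Invalidated or Unknown for one alert (assumed rules)."""
    rule, host = SID_MAP.get(sid), VA_HOSTS.get(dst)
    if rule is None or host is None:
        return "Unknown"        # no mapping for the rule, or host never scanned
    if rule["vuln"] in host["vulns"]:
        return "Validated"      # VA confirmed the finding the rule maps to
    if rule["service"] not in host["services"]:
        return "Invalidated"    # targeted service is not running on the host
    return "Unknown"            # service present, finding not confirmed

def correlate(log_text):
    """Offline pass over a fast log: list of (dst, sid, verdict) tuples."""
    results = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:                   # skip lines that are not fast-format alerts
            sid = int(m["sid"])
            results.append((m["dst"], sid, classify(sid, m["dst"])))
    return results

if __name__ == "__main__":
    for dst, sid, verdict in correlate(FAST_LOG):
        print(f"{dst:15} sid={sid} {verdict}")
```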
