Re: Ossim
From: Andre Ludwig (andre.ludwig_at_gmail.com)
Date: 09/22/05
- Previous message: mccainca_at_gmail.com: "Re: RE: Tippingpoint"
- In reply to: luciani.giorgio_at_gmail.com: "Re: Ossim"
- Next in thread: Craig Rodenberg: "Re: Ossim"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Sep 2005 17:22:48 -0400
To: "luciani.giorgio@gmail.com" <luciani.giorgio@gmail.com>
Let's not forget Prelude..
http://prelude-ids.org/article.php3?id_article=66
Rather interesting functionality with it as well.
Andre
On 21 Sep 2005 15:02:49 -0000, luciani.giorgio@gmail.com
<luciani.giorgio@gmail.com> wrote:
>
> Hi!
> I'm an IT engineering student at Politecnico di Milano. I'm studying IDS correlation for my thesis
> and I'm now working on OSSIM. I think it's a very interesting tool, although it has some problems:
> 1. lack of complete documentation
> 2. server (which implements correlation) C source code completely obscure: not a single comment in all
> the source code, nor a single doc about implementation. Agent and Framework are better commented
> (and they're in Python, Perl and PHP).
> 3. difficult installation (except for Debian or Fedora users); you have precompiled binaries, but
> building from source is a pain (you have to patch other tools as well) and badly documented.
> 4. not portable (server doesn't work well on *BSD)
> Moreover, I think they should have used pure IDMEF, not a different implementation.
> Anyway, if you can get it to work, it's really powerful IMHO. I think the correlation engine could be
> empowered (I'm working on that) because it's composed of a simple FSA implementation (you have to manually
> insert all possible event chains) and a very simple anomaly algorithm (CALM).
> This is my impression, and I'd really like to know others' too.
> I'd like to know if someone's tried to work on server sources, and if he's got some documentation
> about this.
> Regards
> Giorgio Luciani
>