Technological partners
Technological
Strengthen your security with IDMEF Open-source probes.
Through the use of IDMEF format (RFC 4765) and libprelude, Prelude SIEM is natively compatible with all major open source intrusion sensors. Thus, these probes can be stored at the Prelude manager and submit their notifications directly.
Advantages :
- Reduced log volumes to be transmitted over the network (only the alerts are sent)
- A better response time of the SIEM
- Opportunity to improve the security of your network by relying on open source components
- Compliance with IDMEF standard and its richness in the various components of your network
Suricata
Suricata is an open-source probe of intrusion detection, fast and robust. The Suricata Engine has intrusion detection capabilities in real-time (IDS), network security monitoring (NMS) and can handle captured PCAP afterwards. Suricata inspects network traffic by using powerful and comprehensive rules; a signature language. It has a powerful Lua scripting engine to detect complex threats.
OSSEC
OSSEC is an opensource host-based intrusion detection system (HIDS). It is able to analyze the logs, check the integrity of the data, analyze the Windows registry, detecting rootkits, a realise a time-based study and allows the use of active responses.
Samhain
Samhain is an open-source host-based intrusion detection system(HIDS). It provides integrity verification, analysis and file management as well as rootkit detection, network ports management,detection of executables having an active but unplanned SUID and detection of hidden processes. Samhain was designed to manage multiple hosts with different operating systems while providing traceability and centralized service although it can aIso be used as an application on a single host.
- Orchids -
Orchids is a tool for analyzing real-time events and time correlation for detecting intrusion in the reaction.
SpamAssassin
SpamAssassin is the No. 1 anti-spam platform that offers system administrators a filter to classify e mails and block spam (unsolicited mass mailings). It uses a scoring system and plugins to integrate a wide range of testing heuristics and statistics on e mail headers and body text with, in addition, a text analysis, Bayesian filtering, closed lists DNS and collaborative filtering databases.
ClamAV
ClamAV ( "Clam AntiVirus") is an antivirus software. It is generally used with email servers to filter e mails but also on the hosts for the local detection. Targets viruses of all types.
SNORT
Snort is an open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. SNORT is now developed by Sourcefire, of which Roesch is the founder and Technical Director, and which Cisco owns since 2013.
Squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and other standard protocols. It reduces bandwidth and improves response time by hiding and reusing frequent search queries of web pages. Squid has access possibilities and extensive control. It runs on most operating systems available, including Windows.
AUDITD
The audit system is a HIDS maintained by RedHat. It has been designed to integrate tightly with the kernel and monitor interesting sytem calls interesting. Furthermore, probably because of this level of integration and the detailed recording, it is used as a recorder for SELinux.
SANCP
SANCP is a network security tool designed to collect statistical information about network traffic and its recording in pcap format for auditing, history analysis and network activity discovery. Rules can be used to distinguish normal traffic from abnormal traffic and labelling: id rules, id node and id status. From the point of view of intrusion detection, all connections are events that must be validated through means.
LINUX PAM
Linux authentication modules extensions (PAM ) provides a dynamic authentication support for applications and services on Linux or GNU / kFreeBSD system. Linux PAM has evolved since the architecture extensions of Unix authentication modules.
Kismet
Kismet is an open source network detection, sniffer and intrusion detection system for 802.11 wireless network.
Nepenthes
Nepenthes is an active defense system of interaction like honeyd or mwcollect. These active defense systems mimic known vulnerabilities to gather information about potential attacks. Nepenthes is designed to mimic those to be propagated and used to capture them. Nepethes is flexible to the extent that there are several possibilities of spreading worms.
Modsecurity
ModSecurity is a web application firewall (WAF) for the management of real-time application, authentication and access controls.
CrawlProtect
CrawlProtect is the script that protects your website. It blocks attempts to connect to your site by identifying the injection attempts code, SQL, visits of "Badbots", website mirroring software and shell command execution attempts.