IDEA 1.2 has (finally) been released. After dealing with some issues with the Snort XML transmitter, a solution has been found. The gentlemen at Vigilant Minds have released the latest version of the patch to Snort 2.0.2, which fixes the bugs that were causing Snort to crash when an alert was created. This new patch is included with IDEA 1.2 for your convenience. Due to the lack of support in the active Snort distribution for the XML transmitter (i.e. it now must be maintained by a third party), I have elected to pursue a Syslog-based listener for alerts. Look for this in IDEA 1.2.1. The Syslog module will likely have a regexp based rules language so that any Syslog event can be parsed and sent to IDEA as an alert. This will allow a greater level of detail in the alerts that can be received and processed by IDEA. In summary, there are some big changes that are coming, but I am enthusiastic about this project and look forward to continuing to work on it.
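As an illustration of the regexp-based rules idea described above, here is an added example (written for this page in Python, not IDEA's own Java code): a small syslog-to-alert parser in which each rule is a program name plus a regular expression whose named groups become the alert's detail fields. The rule format, rule names, severities, and the sample log lines are all constructed assumptions for the example.

```python
"""Regex-rule-driven syslog-to-alert parser (illustrative, not IDEA's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Classic BSD syslog layout: "Mmm dd hh:mm:ss host program[pid]: message".
SYSLOG_HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<message>.*)$"
)


@dataclass(frozen=True)
class Rule:
    name: str            # alert classification (assumed naming)
    severity: int        # 1 (low) .. 3 (high), assumed scale
    program: str         # only messages from this syslog program are tested
    pattern: re.Pattern  # anchored regex; named groups become alert fields


@dataclass
class Alert:
    rule: str
    severity: int
    timestamp: str
    host: str
    fields: Dict[str, str]


# Hypothetical rule set. Scoping each rule to a program keeps matching cheap and
# avoids accidental hits; anchoring with ^ keeps the regexes predictable.
RULES: List[Rule] = [
    Rule("ssh_auth_failure", 3, "sshd", re.compile(
        r"^Failed password for (?:invalid user )?(?P<user>\S+) "
        r"from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)")),
    Rule("ssh_login", 1, "sshd", re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src_ip>[\d.]+)")),
    Rule("sudo_command", 2, "sudo", re.compile(
        r"^(?P<user>\S+) : .*COMMAND=(?P<command>.+)$")),
]


def parse_syslog_line(line: str) -> Optional[Dict[str, str]]:
    """Split one syslog line into header fields; None if it is not syslog-shaped."""
    m = SYSLOG_HEADER.match(line.rstrip("\n"))
    if not m:
        return None
    record = m.groupdict()
    record["message"] = record["message"].strip()
    return record


def match_rules(record: Dict[str, str], rules: List[Rule] = RULES) -> Optional[Alert]:
    """Return an Alert for the first rule that matches the record, else None."""
    for rule in rules:
        if rule.program != record["program"]:
            continue
        m = rule.pattern.match(record["message"])
        if m:
            return Alert(rule.name, rule.severity, record["timestamp"],
                         record["host"], m.groupdict())
    return None


def process_lines(lines: List[str], rules: List[Rule] = RULES) -> Tuple[List[Alert], int]:
    """Convert a batch of syslog lines into alerts; also count unparseable lines."""
    alerts, unparsed = [], 0
    for line in lines:
        record = parse_syslog_line(line)
        if record is None:
            unparsed += 1  # malformed input is counted, not silently dropped
            continue
        alert = match_rules(record, rules)
        if alert is not None:
            alerts.append(alert)
    return alerts, unparsed


def failures_by_source(alerts: List[Alert]) -> Dict[str, int]:
    """Aggregate SSH authentication failures per source IP for the console view."""
    counts: Dict[str, int] = {}
    for a in alerts:
        if a.rule == "ssh_auth_failure":
            counts[a.fields["src_ip"]] = counts.get(a.fields["src_ip"], 0) + 1
    return counts


# Constructed sample input (documentation address ranges, fictitious host).
SAMPLE_LINES = [
    "Mar 11 08:15:02 sensor01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar 11 08:15:04 sensor01 sshd[2231]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Mar 11 08:16:30 sensor01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log",
    "Mar 11 08:17:00 sensor01 cron[412]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 11 08:18:11 sensor01 sshd[2300]: Accepted publickey for bob from 192.0.2.10 port 40112 ssh2",
    "this is not a syslog line",
]

if __name__ == "__main__":
    found, bad = process_lines(SAMPLE_LINES)
    for a in found:
        print(f"[sev {a.severity}] {a.rule} on {a.host}: {a.fields}")
    print("unparsed lines:", bad, "| ssh failures by source:", failures_by_source(found))
```

The cron line parses as valid syslog but matches no rule, so it produces no alert; the final line fails the header regex and is counted as unparsed, which is the kind of figure worth watching in a collector since a sudden rise in unparsed input usually means a format change upstream rather than an absence of events.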
The IDEA project has been through a few delays lately, mostly because of my recent separation from the US Air Force, but also due to other reasons which I will not mention. IDEA is still being actively developed. I recently got settled into my new residence and will be coding on IDEA as time and my new job permit. The project tasks are growing ever larger each day and any Java programming assistance that is available would be greatly appreciated. I just recently completed the secure client-server authentication mechanism (look for it in the next release), and my next goal is Oracle support (two goals towards achieving enterprise acceptance). I am actively seeking feature requests and am prioritizing the requests that I receive based on the amount of feedback that I am receiving. Check the feature requests page for more information on the feature requests that have been submitted, and, if you don't see something that you'd like included, SUBMIT IT!! My biggest priorities after the authentication mechanism and Oracle support are the Web interface and the secure transport mechanism for sensor-to-server communications. After that, I would like to focus on the inclusion of other IDS / eventlog data into IDEA. Anyhow, I appreciate the support of the open source community and I look forward to the opportunity to provide you with my software and source code. I hope that my efforts help make your networks more secure and I look forward to working with you in the future!
Testing is currently under way on IDEA 1.1.1. New features in this release will include more robust user authentication with permissions, better database query performance, and the ability to delete alerts from the database (with the proper permissions, of course). Also, work has begun on the ability to receive and process Unix syslog data into IDEA to further enhance the reporting capability of the architecture. Stay tuned.
I've finally gotten around to posting the IDEA web page. There's general project information as well as screen shots and documentation. Please let me know what you think!
Here it is folks. Lots of fixes / changes under the hood -- it should be stable and quick. Enjoy, and please submit bugs / feedback.
Also, if anyone out there is looking for a Java programmer / Network Security expert, let me know. I'm out of the Air Force in only 3 months and am actively seeking employment. =)
IDEA 1.1 is coming soon. There are a lot of new changes in 1.1, mostly under-the-hood type things. I have added the preliminary code for user authentication to the IDEA server, and implemented permissions checking on the server methods. I've also done a lot of re-organizing and cleaning up of the console and server code, so anyone who wants to help with the coding side of things should have an easier time of it now. The code is much more modular and extendable (still not perfect, but closer to it). I have put much effort into bug hunting and testing, so hopefully this next release will be bug-free. Also, for you Mac OS X users, there has (thankfully) been an update to the OS X JVM, so you should now be able to run IDEA. Run System Update to get this Java update.
Version 1.0.2 contains many feature enhancements, the largest of which is support for the PostgreSQL database. There are also some minor security fixes to the IDEA server and some ease-of-use enhancements to the web application.
This version has a few bug fixes on the server and on the console, and adds new features. See the changelog for all of the details.
IDEA is a Java-based intrusion detection architecture, providing tools to a security admin to be able to view security events in real-time. IDEA receives and processes alerts from Snort sensors and displays them on a graphical console where an admin can click through several layers of detail about the alerts.
IDEA version 1.0 is our project's initial release.