IDEA 1.2 Released

IDEA 1.2 has (finally) been released. After some issues with the Snort XML transmitter, a solution has been found: the gentlemen at Vigilant Minds have released the latest version of their patch for Snort 2.0.2, which fixes the bugs that were causing Snort to crash when an alert was created. This new patch is included with IDEA 1.2 for your convenience. Because the active Snort distribution no longer supports the XML transmitter (i.e. it now must be maintained by a third party), I have elected to pursue a Syslog-based listener for alerts. Look for this in IDEA 1.2.1. The Syslog module will likely have a regexp-based rules language so that any Syslog event can be parsed and sent to IDEA as an alert. This will allow a greater level of detail in the alerts that IDEA can receive and process. In summary, some big changes are coming, but I am enthusiastic about this project and look forward to continuing to work on it.

Posted by Ian Duffy 2003-11-08