SV: [Secureideas-base-devel] Design ideas....
From: Christian S. <Chr...@ti...> - 2005-01-25 06:37:06
Hola

As always, nice work Kevin. It's great to have someone like you to push things forward and keep the ideas and spirit on a high level.

I would also like to see base develop into more of a netForensics kind of way. When it comes to support of other clients, why not start with that netscreen one that Brian Toovey wrote about, since we need to start somewhere and he offered to help.

True role-basing is great and will for sure get a lot of positive response, and so will p0f. When it comes to the DB I will leave that to the developers to decide. I would also like to see good rule management support in base soon.

/Christian

-----Original Message-----
From: sec...@li... [mailto:sec...@li...] On Behalf Of Kevin Johnson
Sent: 25 January 2005 05:33
To: BASE Developers
Subject: [Secureideas-base-devel] Design ideas....

Hi all-

Ok here is the start of the design ideas... I believe that it is important that everyone weighs in on these and gives feedback as I am going to start coding based on these ideas and any feedback I get from you all....

I would also like to know what portions each of you would like to be responsible for. That way we can move forward without a ton of duplicate effort....

As I see it, and I hope to get feedback from all of you, BASE is capable of becoming a full featured security engine, with true analysis capabilities. I would like to rebuild the basic console to have true role-basing and be object oriented to the best of PHP's ability. It would have the ability for an analyst to tag an event for review from another analyst or later study. I am also interested in incorporating pads or p0f for passive asset mapping along with the ability for the user to enter assets with a ranking based on the asset's popularity*value*exposure (more on this later). This will allow a person to generate reports based on a true risk assessment. If anyone has seen netForensics or similar applications, that is where I see BASE heading.

Of course, we need to first redesign and recode the application as it stands right now. Well, let's get started<g> Can I get some feedback from everyone on the schema of the database this week? I will try to build the database objects by the beginning of next week and then we can get moving.

I would like you all to pick what pieces you want to work on. I am hoping that we can get current-level functionality with the framework for growth as soon as possible. I am tired of supporting the code base (no pun intended) while dreaming and planning the next version.

I hate re-coding but I also hate not coding at all because I see too many features or plans. Let's see what we can begin to build while remembering that this is for us. Let's have fun!<g>

I would like to also make sure that we all keep up with the latest in snort's development plans so that we can continue to support it. Also, what other IDS or log sources would we like to support?

I also believe that writing the entire thing in PHP as a web based application is doomed to repeat what we already have. Let's build it with the ability to run some things as Perl or C programs. These things will perform background functions like the caching and such.

Feedback.... it's late and this is rambling but I think you guys are used to that from me by now<g>

Thanks
Kevin