Config File Simplification…
Ever go into a config file for some application in Linux looking for one small config setting to see what it is set at (or if it is set at all) only to be presented with a hundred lines of comments and config settings that you have to wade through? Here’s a command I run [...]
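The post's own command is cut off above, so here is an added example (mine, not the one from the original post) of the usual way to do this: filter the file so only the active, uncommented settings are shown. The function name `active_settings`, the helper `count_active_settings`, and the sample config written to a temp file are all constructed for this illustration.

```shell
#!/bin/sh
# Added example, not the command from the original post. Shows only the
# active settings in a config file by dropping blank lines and lines that
# are nothing but a comment. Handles both '#' and ';' comment markers
# (ini-style files use ';'). Function names are hypothetical.

# Print the non-blank, non-comment lines of the file given as $1.
# -v inverts the match, -E enables extended regexps. The pattern matches
# optional leading whitespace followed by '#', ';', or end of line.
active_settings() {
    grep -vE '^[[:space:]]*(#|;|$)' "$1"
}

# Count the active lines; grep -c '' counts every line it is fed and
# prints a bare number (wc -l pads with spaces on some systems).
count_active_settings() {
    active_settings "$1" | grep -c ''
}

# Constructed sample config to demonstrate on, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Sample config (constructed for this example)

; ini-style comment
listen = 127.0.0.1
   # indented comment
port = 4690   # trailing comment stays with its setting
log-level = warn
EOF

active_settings "$sample"
```

Two caveats worth knowing before trusting the output: a trailing comment on the same line as a setting is kept (only whole-line comments are dropped), and files that use `//` or `--` as comment markers need the pattern extended. For the security-relevant question ("is this setting actually enabled?") that is the right behaviour, since a commented-out setting disappears and an active one survives.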
New version of Prelude SIEM released.
I just learned that the French company that develops Prelude SIEM just released a new version for the first time since I started following it. It’s been nearly two years since I started to use Prelude, and over 18 months since I deployed my first production system using the free version (1.0.0) and a couple [...]
Prelude Take II
I’m diving back into the world of IDS/IPS/SIEM and Prelude in particular. I urge anyone considering using it for network security monitoring and alerting to go with a Red Hat derivative, as Red Hat’s Steve Grubb has put together some great packages and instructions that just work. In my previous build I used FC13. This [...]
PreludeIDS IDMEF-Criteria Filtering Success
I’ve been using Prelude SIEM for a month now, and have fought off and on with the prelude-manager.conf file’s idmef-criteria and threshold settings to try to fine tune the smtp alerts a bit. I had to focus mainly on tuning at the sensor level (Snort, OSSEC) because I could not, even with user community and [...]
Snort COMMUNITY-BOT IRC server Detected…false alerts?
I just looked back 15,000 hours in Prewikka, and it’s as I suspected…something recently (3 days ago) started triggering massive numbers of alerts on our internal Snort sensor. The alert triggered is COMMUNITY BOT Internal IRC server detected, Sig ID 1:100000241. There have been 3 instances when the alerts (in mass quantities each instance) were [...]
IDMEF Paths/Messages – Prelude IDS
I have no idea if this list is complete or not, but I had been looking for a list of possible IDMEF messages, particularly as applied to Prelude IDS/SIEM. I was playing with building filters in Prewikka when I noticed that the “build a filter” tool under the settings tab had a loooong list of [...]
Cygwin
Just a quick post to talk about a couple of linux-y things that I always add to any Windows box that I have to use to make my life easier and more enjoyable from a geek perspective. The first thing, at work or at home, that I put on my Win boxes is cygwin. Cygwin [...]
Prelude SIEM all but complete…
I got my second Snort sensor online tonight! I had a bit of trouble and delay due to difficulties caused by the cloning process – and my lack of experience and familiarity with same. In order to speed up the building of my second sensor, which was put onto hardware identical to the first one, [...]
Five Noteworthy Open Source Security Apps
I’m merely condensing an article that I encountered elsewhere, partially for my own benefit (as a reminder to check some of them out later!). All five of these are worth checking out. I’ll be looking into at least 3 of them myself. These are all free (some of them have free and paid versions). 1. [...]