The web application is one part of a complex IDS implementation. One implementation case is shown in the picture below.

The current version of our solution consists of:

  • Linux OpenSuSE 12.3+ x86 or x86-64
  • Snort 2.9+ with DAQ and our patches (about 39000 active rules, total 41200)
  • SnortSam 2.9 with our patches
  • Barnyard2 2-1.13
  • Tomcat 7+
  • Firewall configuration scripts (24 additional netfilter chains, about 1500 rules)
  • Scripts for automatic rule updates
  • Script-based monitoring daemon
  • Web server and cache server log parsing scripts
  • JSP-based console user interface: updating IDS rules, setting individual and group rule actions, restarting the IDS, updating the permanent blocking firewall rule set, activating and deactivating SnortSam-generated firewall rules, and other functions.
Pic. 1. A case of transparent bridge IPS implementation

Discussion and Support