The first release at sourceforge

It's finally out: the first release is available on SourceForge.
 
This includes:

Email List

You can receive updates on the latest releases and technical documents by subscribing to the following email list:

 

Snort NIDS sensor application guide

  1. Set up the Snort sensor to use either the syslog alert output or the MySQL alert output, or both of them (recommended). You can then enable OSSEC to accept the Snort sensor's syslog output and analyze the Snort log.
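To show what OSSEC has to work with once the sensor's syslog alert output is enabled, here is a small parser for Snort's syslog alert line format, run over a few constructed log lines. This is an added example, not code from the project or from OSSEC; the sensor name, PIDs, addresses and the sids in the 1000000+ local range are made up for the demonstration.

```python
import re
from collections import Counter

# Snort's syslog alert output (output alert_syslog) writes one line per alert:
#   snort[PID]: [gid:sid:rev] MSG [Classification: CLS] [Priority: N] {PROTO} SRC:SPORT -> DST:DPORT
# The Classification block is optional and ICMP alerts carry no ports, so both are optional here.
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<pri>\d+)\] "
    r"\{(?P<proto>[A-Z]+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample of what the syslog server receives from a sensor. The sids,
# messages, hosts and the unrelated sshd line are all made up for this example.
SAMPLE_LOG = """\
Mar 10 14:22:01 sensor1 snort[1234]: [1:1000001:1] LOCAL suspicious server response [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.20:51234
Mar 10 14:22:03 sensor1 snort[1234]: [1:1000002:1] LOCAL ICMP echo request [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.20 -> 10.0.0.5
Mar 10 14:22:07 sensor1 snort[1234]: [1:1000001:1] LOCAL suspicious server response [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.21:40022
Mar 10 14:22:09 sensor1 sshd[999]: Accepted publickey for ops from 192.168.1.9 port 50122 ssh2
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "pri"):
        a[k] = int(a[k])
    for k in ("sport", "dport"):          # absent for ICMP alerts
        a[k] = int(a[k]) if a[k] is not None else None
    return a


def summarize(lines, max_priority=2):
    """Count alerts whose Snort priority is max_priority or more severe (1 is the highest).

    Returns (Counter keyed by (sid, msg), number of non-Snort lines skipped).
    """
    hits = Counter()
    skipped = 0
    for line in lines:
        a = parse_alert(line)
        if a is None:
            skipped += 1
        elif a["pri"] <= max_priority:
            hits[(a["sid"], a["msg"])] += 1
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LINES)
    for (sid, msg), n in hits.most_common():
        print(f"{n:4d}  sid {sid}  {msg}")
    print(f"skipped {skipped} non-Snort line(s)")
```

The priority threshold is where the syslog-versus-MySQL choice matters in practice: the syslog line carries only the fields above, so anything that needs packet payload has to come from the database output, while the syslog line is enough for counting and escalating by signature.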

How to update the snort rules?

  1. First, download the Snort rules as a gzipped tar file.
  2. Rename the file to srules.tar.gz.
  3. Put the file on the central server under /var/www/html-unsecure.
  4. Update the rules from SnortCenter.
  5. Apply the rules to the sensors.

Note:

How to email alert in real time?

You can have OSSEC to send out email alert in real time. Here is how:

Support is available

This page is under construction. Please check back for updates.
For now, use the contact page for your support requests.

How to sync time for snort NIDS sensor?

  1. Make sure the crond daemon is started in your rcC file.
  2. Create a crontab file on the configuration floppy disk.
  3. Put the following item in the file:
    • * 1 * * * /usr/sbin/ntpdate NTPServerIP
  4. Put the following item in the rcC file:
    • /usr/bin/crontab crontabfilename
  5. Add this file item to the etc.lst file on the configuration floppy disk.

BASE application guide

  1. Enable user authentication
  2. Set up and create an archive database. After processing the alerts, move them into the archive database; all reports and graphs are then generated from the archive database.
  3. Alternatively, use a cron job to move alerts older than N days into the archive database.
  4. Schedule periodic backups of the archive database.

Practical Guide

Here is a real-world practical guide to using the suite more efficiently and effectively.

Add BI capability

It may sound like overkill, but adding a BI suite for analyzing the IDS events provides additional insight.
Pentaho is an open source BI suite from http://www.pentaho.org
