what you don't know can hurt you
Showing 1 - 25 of 836 RSS Feed

Intrusion Detection Files

Logwatch 7.5.6
Posted Jul 23, 2021
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 413e40e744c876861249df830a672970
Zeek 4.0.3
Posted Jul 7, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Updates added to skip input framework entries with missing but non-optional fields, address a segfault in input framework when reading unset fields, deprecate stepping-stone analyzer events, and more.
tags | tool, intrusion detection
systems | unix
MD5 | 39ec3bcfbe7f179ae042ad2cf424248d
Suricata IDPE 6.0.3
Posted Jul 2, 2021
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Five security fixes, two features, and over a couple dozen bugs have been addressed.
tags | tool, intrusion detection
systems | unix
MD5 | a8879aa127efd5c1bec51a99f3614fdc
Falco 0.29.1
Posted Jul 1, 2021
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: 3 minor rule changes.
tags | tool, intrusion detection
systems | unix
MD5 | c815acae6550b3c0ebbf85ffaeea1a07
Samhain File Integrity Checker 4.4.5
Posted Jul 1, 2021
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Fixed a memory leak introduced in 4.4.4.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 67ae752dc862c44a941be84fa5513fca
Falco 0.29.0
Posted Jun 22, 2021
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: 5 rule changes and about a dozen non-user facing changes.
tags | tool, intrusion detection
systems | unix
MD5 | 938c2ed46ff2f83ca2be4dea36141532
Zeek 4.0.2
Posted Jun 3, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Five bug fixes and two denial of service conditions addressed.
tags | tool, intrusion detection
systems | unix
MD5 | d79d04932d6a656042fdb7e675dd0701
Falco 0.28.1
Posted May 7, 2021
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Major changes include new --support output which includes info about the Falco engine version, new alert output in the unlikely situation it's receiving too many consecutive timeouts without an event, and a new configuration field syscall_event_timeo.
tags | tool, intrusion detection
systems | unix
MD5 | 57a9d184b9bfddbd68c03a2a76df1fb0
Zeek 4.0.1
Posted Apr 22, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This is a release that addresses quite a few bugs including a null-pointer dereference vulnerability.
tags | tool, intrusion detection
systems | unix
MD5 | 610c02b5b5ccaea7a1ac377534ab1894
Falco 0.28.0
Posted Apr 12, 2021
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Breaking changes include a deprecation of Bintray, SKIP_MODULE_LOAD env variable no more disables the driver loading, and the init.d service unit is not shipped anymore in deb/rpm packages in favor of a systemd service file. Various new additions including support for exceptions as rule attributes to provide a compact way to add exceptions to Falco rules.
tags | tool, intrusion detection
systems | unix
MD5 | 301aaacb650c7c8dee6e7b735a568627
Zeek 4.0.0
Posted Mar 2, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Added support for EDNS0 Cookie and Keep-Alive options. Added new Packet Analysis plugin architecture for parsing packet headers at layers below the existing Session analysis plugins. A few other additions as well as improvements to capture-loss.zeek.
tags | tool, intrusion detection
systems | unix
MD5 | 3178eb66e9ac62e8e61707d34c8855f9
Suricata IDPE 6.0.2
Posted Mar 2, 2021
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Fixed crashes, a leak in signature parsing with urilen, a CPU exhaustion issue, and many other bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 4024fd07bed74c22874862a501311241
Zeek 3.2.4
Posted Feb 23, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: A denial of service issue has been addressed as well as two bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 12687bbdab008fa1c1f6d55ff97f3c20
AIDE 0.17.3
Posted Feb 11, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed group usage in --after config line.
tags | tool, intrusion detection
systems | unix
MD5 | b642b5da44e827da57ae24b3670e4b33
AIDE 0.17.2
Posted Feb 8, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed null pointer dereference in db_close(). Fixed out-of-bounds read of attributes array.
tags | tool, intrusion detection
systems | unix
MD5 | 7b79cd5cf3fde3d4ca75a9b19ca39de7
AIDE 0.17.1
Posted Feb 1, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed typos in log messages and aide.conf man page. Fixed a messaging error and removed a leftover include.
tags | tool, intrusion detection
systems | unix
MD5 | 9b342a313d3b0e7a610868be32becc72
AIDE 0.17
Posted Jan 25, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Updated man pages. Removed outdated aide.conf.in. Limited number of nested includes. Updates to documentation and various bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | f12b8fb2c7b55245addfb67fbbcf12d3
Logwatch 7.5.5
Posted Jan 25, 2021
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | b658e4db27d905151396ecadcbcb24b1
Falco 0.27.0
Posted Jan 19, 2021
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: New major changes include a falco engine version to grpc version service and an asynchronous outputs implementation where outputs channels will not block event processing anymore. 5 bugs fixed. 6 rule changes. 10 non-user facing changes.
tags | tool, intrusion detection
systems | unix
MD5 | e51a36559318339f47f8dd328cb770e9
Zeek 3.2.3
Posted Dec 16, 2020
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes a security issue and about a half dozen other bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 3918275e225a850888d121fa738a5d89
Suricata IDPE 6.0.1
Posted Dec 4, 2020
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A couple features were added and many bugs were addressed.
tags | tool, intrusion detection
systems | unix
MD5 | 39136d5c07203513ff207d70cda334ef
Falco 0.26.2
Posted Nov 10, 2020
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: DRIVERS_REPO updated.
tags | tool, intrusion detection
systems | unix
MD5 | 675a73dd8b5cb2da098fc07e8c914807
Samhain File Integrity Checker 4.4.3
Posted Nov 2, 2020
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Now allows console logging to a unix domain socket. Fixed spurious cppcheck warnings, gcc 10 compiler warning in sh_audit.c, gcc 10 compiler warning in sh_ipvx.c, gcc 10 compile problem in sh_tiger1_64.c, and gcc 10 compiler warning in sh_portcheck.c.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 5a314bb9e345e93012bf2e9b2ffb7b24
Zeek 3.2.2
Posted Oct 8, 2020
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed multipart MIME leak of sub-part found after closing-boundary. Improved CI benchmark script's error handling/messaging. Fixed incorrect RSTOS0 conn_state determinations.
tags | tool, intrusion detection
systems | unix
MD5 | 843f2edb59fc6fa52762b2800fb2c3d3
Suricata IDPE 6.0.0
Posted Oct 8, 2020
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This major new release is the result of a year of work by the OISF development team and the Suricata community. It has improvements to detection capabilities, stability, and more.
tags | tool, intrusion detection
systems | unix
MD5 | bbddcf2f209930206ef21977d40120d2
Page 1 of 34
Back12345Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    7 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close