
List:       sectools
Subject:    Tool Announce : SIDTk 1.0 (SécurIT Intrusion
From:       "SecurIT Informatique Inc." <securit () iquebec ! com>
Date:       2003-11-03 9:48:44


Hello all.

This is to announce the first release of the SécurIT Intrusion Detection 
Toolkit, also known as SIDTk 1.0, which is completely Open Source and 
available for download at http://securit.iquebec.com .

The SIDTk 1.0 is a collection of command-line tools aimed at improving 
host-based intrusion detection conditions on Windows desktops and servers. 
Some of these tools were originally shipped with LogAgent 4.0, some 
others are natural evolutions of pieces of code introduced with LogAgent 
4.0 and LogIDS 1.0 Pro, while the others are based on a variation of the 
same principle. It is easy to create new modules based on the same model, 
and the code is completely Open Source.

The SIDTk 1.0 contains:

- ADSScan 1.0 : An Alternate Data Streams scanner
- IntegCheck 1.1 : A filesystem integrity checker (i.e. a Tripwire clone)
- LogUser 1.0 : A module to detect invalid user accounts
- LogShares 1.0 : A module to detect non-allowed shares on the machine
- LogServices 1.0 : A module to detect non-allowed services
- LogStartup 1.0 : A module to detect suspicious items inserted for 
automatic startup
- LogProc 1.0 : A module to detect rogue processes running in memory

When launched regularly, these modules can help find various facets 
of an intrusion, and help you to write out false positives and negatives 
when combined with other intrusion detection utilities, like Snort and 
LogAgent 5.0.

These modules can be undertaken automatically when used with a registered 
copy of LogAgent 5.0.

Adam Richard
SécurIT Informatique Inc.
http://securit.iquebec.com/

