List: sectools
Subject: Tool Announce : SIDTk 1.0 (SécurIT Intrusion
From: "SecurIT Informatique Inc." <securit () iquebec ! com>
Date: 2003-11-03 9:48:44
Hello all.
This is to announce the first release of the SécurIT Intrusion Detection
Toolkit, also known as SIDTk 1.0, which is completely Open Source and
available for download at http://securit.iquebec.com .
The SIDTk 1.0 is a collection of command-line tools aimed at improving
host-based intrusion detection conditions on Windows desktops and servers.
Some of these tools have originally been shipped with LogAgent 4.0, some
others are natural evolutions of pieces of code introduced with LogAgent
4.0 and LogIDS 1.0 Pro, while the others are based on a variation of the
same principle. It is easy to create new modules based on the same model,
and the code is completely Open Source.
The SIDTk 1.0 contains:
- ADSScan 1.0 : An Alternate Data Streams scanner
- IntegCheck 1.1 : A filesystem integrity checker (i.e. a Tripwire clone)
- LogUser 1.0 : A module to detect invalid user accounts
- LogShares 1.0 : A module to detect non-allowed shares on the machine
- LogServices 1.0 : A module to detect non-allowed services
- LogStartup 1.0 : A module to detect suspicious items inserted for
automatic startup
- LogProc 1.0 : A module to detect rogue processes running in memory
When launched regularly, these modules can help in finding various facets
of an intrusion, and help you to write out false positives and negatives
when combined with other intrusion detection utilities, like Snort and
LogAgent 5.0.
These modules can be undertaken automatically when used with a registered
copy of LogAgent 5.0.
Adam Richard
SécurIT Informatique Inc.
http://securit.iquebec.com/