./security/prelude-correlator, Intrusion event correlation engine



Branch: CURRENT, Version: 0.9.0beta8nb2, Package name: prelude-correlator-0.9.0beta8nb2, Maintainer: shannonjr

Prelude-Correlator correlates, in real time, the multiple events
received by Prelude. Several isolated alerts, generated by different
sensors, can thus trigger a single correlation alert if the events
are related. This correlation alert then appears within the Prewikka
interface and indicates the potential target information according
to the set of correlation rules.

Signature creation with Prelude-Correlator is based on the Lua
programming language.


Required to run:
[devel/py-setuptools] [lang/python26] [security/libprelude-python]

Master sites:

SHA1: 962f3c899ed01b9a0efc1368687d6a914e176c73
RMD160: 9ed8e35357ba1bbe6a09c6cb906df28d4f84e347
Filesize: 175.501 KB

Version history:


CVS history:


   2010-03-23 19:01:48 by Joerg Sonnenberger | Files touched by this commit (4)
Log message:
Install data files to share/examples to make sure they end up in the
binary package. Fixes DESTDIR installation at the same time. Bump revision.
   2010-02-10 20:17:48 by Joerg Sonnenberger | Files touched by this commit (205)
Log message:
Bump revision for PYTHON_VERSION_DEFAULT change.
   2009-11-07 19:30:29 by Hasso Tepper | Files touched by this commit (4) | Package updated
Log message:
Update to 0.9.0-beta8 (by Rumko via private mail).

0.9.0-beta8:
- Include spamhaus_drop.dat in the source distribution. Fix installation
  issue (closes #364).

0.9.0-beta7:
- Initial SpamhausDrop plugin implementation, by
  Wes Young <wes@barely3am.com> (closes #363)
- Do not discard --root parameters if prefix is absolute.
- Python 2.4 backward compatibility fixes.
- Handle plugin loading error gracefully.
- Improve WormPlugin accuracy, and make it carry a reference to the
  initial event. The plugin used to alert when seeing an alert to a
  given target, and this same alert going back to the source. This can
  happen in a number of cases (example: Netbios alert triggered by Snort).
  As of now, the plugin will wait for the events to be repeated against
  at least 5 different hosts.
- Dshield CorrelationAlert now handles multiple events. Previously, we
  used to generate a single Dshield CorrelationAlert for each event
  where the source address would match the Dshield database. The plugin
  now generates a CorrelationAlert for multiple events received from the
  same source.
   2009-10-02 12:15:10 by Hasso Tepper | Files touched by this commit (4) | Package updated
Log message:
Correct PLIST problems and conf file handling. Bump PKGREVISION.
   2009-08-24 14:30:09 by Hasso Tepper | Files touched by this commit (6) | Package updated
Log message:
Update to 0.9.0-beta6. Rewritten from scratch in Python instead of Lua.
From Rumko via PR 41763.
   2009-06-14 20:13:41 by Joerg Sonnenberger | Files touched by this commit (154)
Log message:
Remove @dirrm entries from PLISTs
   2009-05-20 02:58:30 by Thomas Klausner | Files touched by this commit (277) | Package updated
Log message:
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.

Reported by Robert Elz in PR 41345.
   2008-07-21 14:16:46 by John R. Shannon | Files touched by this commit (9) | Imported package
Log message:
Prelude-Correlator serves to correlate, in real time, the multiple
events received by Prelude. Several isolated alerts, generated from
different probes, can thus trigger a single correlation alert should the
events be related. This correlation alert then appears within the
Prewikka interface and indicates the potential target information via
the set of correlation rules.