Monday, March 30, 2009

IDS Policy Manager v3 Released

We are very happy to announce the release of IDS Policy Manager v3. This release has been over a year in the making. There are significant changes in the way the product now works and how it stores rules.

Over the last few years we have moved from each policy being opened individually in v1.x, to all the rules stored in a database, but all policies stayed separate in v2.x. Now in v3 all rules are shared among all update locations. This change makes it much easier to manage multiple policies. You may still have unique rules per policy, but when you have over 20,000 rules that are updated by other sources, it just doesn’t make sense to store each rule for each policy.

In IDSPM v3 each rule is stored once per update location. This greatly reduces the storage bloat caused by the duplication in v2. It also allows you to quickly make changes to all policies that use a rule by disabling it across all policies, or enabling it on only some policies.

We have also added a lot more usability functionality, such as new dashboards, support for shared object rules and new policy overviews, and made the product easier to use. A lot of time has been put into helping the user use the product. You will notice this from when you first run it. No longer do you need to guess how to get started. IDSPM will walk you through getting things set up.

For more information, please visit:
http://www.activeworx.org

Wednesday, March 11, 2009

Emerging Threats Sid Reporter

If you are not using the Emerging Threats tool Sid Reporter, you should consider taking a look. SidReporter is a data sharing tool to share which rules are being triggered in your environment. Why would you want to share this information? Just think if 100 locations all shared which Snort rules are being triggered. You would get much better insight into what is going on across the Internet. Here are some uses:
  • Tell you a rule is being triggered on other networks, yet you don't have it installed to monitor for it. If it is a common rule, maybe you should be monitoring for it.
  • Be able to tell when a common rule is popular across the net and not just your network.
  • Trends across time for more popular and less popular rules.
  • New emerging rules that are being seen more over time.

IDS Policy Manager v3 will have Sid Reporter graphs, charts and listings to give better insight into which rules are popular. The more people who use this, the more accurate it will be, so get involved and take a look at this nice tool:

http://doc.emergingthreats.net/bin/view/Main/SidReporter

With latest statistics located here:

http://www.emergingthreats.net/index.php/sidreporter-statistics.html

Monday, March 9, 2009

Activeworx - Free Logger Released!

Activeworx has been hard at work over the last 6 years on what we feel is the leading edge log management product available. And as many of you know, we try to give free products back to the community where we can. Well, that time has come again, and this time it is in the form of a log management product. This product allows for collection, indexing and querying of log data in the enterprise like no other log management product. We have integrated SIEM normalization with flat file raw logging to create a product which displays events in endless ways and is trivial to get started with. Please check out our new release at http://www.activeworx.org/

Wednesday, January 7, 2009

IDSPM with freeSSHd

I had the opportunity to play with freeSSHd today and found that it didn't play well with IDSPM. It looks like freeSSHd doesn't know the difference between rules\ and \rules\. If you are in the \etc\ directory and you try to change to \rules\ it changes to \etc\rules\ instead of \rules\. In build 25 we changed the way IDSPM changed directories. If you try to change to a directory that starts with a \ it now changes to the root directory, then tries to change to the correct directory off root. This should resolve this problem.

Now about freeSSHd... I was impressed with the easy setup and configuration. I got it up and running in no time. Much easier than OpenSSHd for Windows. If you are looking for a simple SFTP server for Windows, I would check it out. Just make sure you use IDSPM build 25 or newer if you want to use it with IDSPM.
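The directory behaviour described in this post, as an added example that is not freeSSHd or IDSPM code: a toy server that resolves a leading-backslash path against the current directory, next to a root-first change that also confirms where the session landed before any rule files are written. `QuirkyServer`, `naive_cd`, `root_first_cd` and the sample layout are hypothetical, and the model assumes a bare `\` still reaches the root.

```python
# Added example: toy model of the directory handling described in the post.
# QuirkyServer and both helpers are hypothetical, not freeSSHd or IDSPM code.
SAMPLE_DIRS = {("etc",), ("rules",), ("etc", "rules")}  # constructed layout


class QuirkyServer:
    """Resolves every path against the current directory, ignoring a leading
    backslash. Assumption: a bare "\\" still reaches the root."""

    def __init__(self, dirs):
        self.dirs = set(dirs)
        self.cwd = ()  # () is the root directory

    def cd(self, path):
        parts = tuple(p for p in path.split("\\") if p)
        target = self.cwd + parts if parts else ()
        if target and target not in self.dirs:
            raise FileNotFoundError(path)
        self.cwd = target

    def pwd(self):
        return "\\" + "".join(p + "\\" for p in self.cwd)


def naive_cd(server, path):
    """Send the absolute path as-is and report where the session landed."""
    server.cd(path)
    return server.pwd()


def root_first_cd(server, path):
    """Reach an absolute path via root, then confirm the landing directory."""
    if path.startswith("\\"):
        server.cd("\\")
        relative = path.strip("\\")
        if relative:
            server.cd(relative)
        want = "\\" + "".join(p + "\\" for p in relative.split("\\") if p)
        if server.pwd() != want:
            raise RuntimeError("landed in %s, wanted %s" % (server.pwd(), want))
    else:
        server.cd(path)
    return server.pwd()


if __name__ == "__main__":
    for change_dir in (naive_cd, root_first_cd):
        session = QuirkyServer(SAMPLE_DIRS)
        session.cd("etc")
        print(change_dir.__name__, "->", change_dir(session, "\\rules\\"))
```

When the nested directory happens to exist, the naive change succeeds silently in the wrong place, which is why the landing directory is compared with the requested one instead of trusting the absence of an error.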

Friday, December 19, 2008

IDS Policy Manager v2 build 24 released

There was a parsing issue in IDSPM that was brought to our attention. This has been resolved in the latest build 24. It can be downloaded here

We also have a new beta of IDSPM v3 being released early next week. This new build will have new configurable dashboards, fix a few bugs and add some other nice new features. Stay tuned.

Wednesday, December 17, 2008

IDS Policy Manager is 8 today

Hard to believe the first public release of IDS Policy Manager was released 8 years ago today... It started out as a fun project to try and make sense out of all those rules in a multi-sensor environment... This was back on Snort 1.6 and when there were fewer than a thousand rules. Now there are over 20,000 rules and a few versions of Snort have been released as well.

With over 150,000 downloads and thousands of users, thanks to all the users for making this project so much fun. Expect more really cool features as we wrap up version 3.0 of the product.

Cheers,
Jeff

Friday, December 12, 2008

IDS Policy Manager for ASC v3.0 Beta 1 Released

We are happy to announce the release of IDSPM v3.0 for Activeworx v5. This version is designed for a multi-user environment that works as a plug-in for Activeworx v5 SIEM.

You can download it from here after you log in.