  IDScenter - Snort IDS configuration and management frontend

 
 

Description: IDScenter is a front-end for Snort intrusion detection systems (www.snort.org)

Platform: WinNT/2K/XP
Version: 1.1 RC4

Author: U. Kistler

Features:

  • Snort 2.0, 1.9, 1.8 and 1.7 support
    o easy access to all settings
    o Interface listing using WinPCAP
    o inline configuration support (options in configuration file instead of command-line parameters, if available)
  • Snort service mode support
    o IDScenter takes over control of the Snort service
  • Snort configuration wizard
    o Variables
    o Preprocessor plugins
    o Output plugins (Syslog output plugin configuration for Snort 2.x and Snort 1.9.x supported!)
    o Rulesets
  • Online updates of IDS rules: IDScenter integrates an HTTP client and starts an update script on demand
    o Full configuration frontend for Andreas Östling's Oinkmaster Perl script
    o custom interval for update checks
  • Ruleset editor: supports all Snort 2.0 rule options
    o Easily modify your rules
    o Sort rules based on source IP, port, etc.
    o Import rules from files or websites into existing rulesets
  • HTML report from SQL backend
    o IDScenter can generate HTML output from your SQL database
    o Custom HTML template
    o Decoding of TCP flags and more, Hex/Base64 payload decoding, optional multi-threaded DNS resolution
  • Alert notification via e-mail, alarm sound or only visual notification
    o Threaded e-mail sending with custom send interval
    o SQL queries can be included in an AlertMail message, which are processed on demand (see above)
    o Possibility to send the last # lines of your Snort log
    o Notification of attack is also possible with Snort logging to MySQL
    o Add attachments (e.g. the current process list generated by another program)
  • AutoBlock plugins: write your own plugins (DLL) for your firewall
    o ISS NetworkICE BlackICE Defender plugin included (possibility to block IPs, TCP and UDP ports, ICMP packets, set block duration)
    o Delphi framework included for quickly writing new plugins for other firewalls
    o Test configuration feature: fast testing of your IDS configuration (Snort rule syntax checking etc.)
  • Monitoring:
    o Alert file monitoring (up to 10 files)
    o MySQL alert detection: allows centralized monitoring of all Snort sensors
  • Log rotation (compressed archiving of log files)
    o Backup your logfiles automatically, set log rotation period (day, week, month, interval)
  • Global event logging
    o Log events such as AlertMail sending, log rotation, online updates, etc.
  • Integrated log viewer
    o Log file viewer
    o XML log file viewer
    o HTML/website viewer (support for ACID, SnortSnarf, HTML output generated using IDScenter's report template page etc.)
    o CVE search and WHOIS lookups
  • Program execution possible if an attack was detected

Requirements:

  • Snort 2.x (recommended)
  • WinPCAP 2.3 or higher


Copyright 2003-2007 by Engage Security