PIG - Prelude IDMEF Grapher
By Sebastien Tricaud on Thursday, May 8 2008, 15:46 - Permalink
The Prelude IDMEF Grapher, written to illustrate one aspect of Intrusion Detection Systems for the conference on the subject at CanSecWest this year, is getting some attention.

Upon Raffy's request, I added the graphs generated from three well-known scanners (Retina, Saint and Nessus) to the excellent Secviz.org.
I attacked my Prelude IDS machine, which has two agents: Snort and Prelude LML. Those agents generate IDMEF alerts, and PIG connects to the Prelude Manager to listen for every IDMEF event it receives.
With the power of Python+QT, I got the code up and running in one hour.
If you want to read what Ron Gula from Tenable says about it, you can read his blog post about PIG.
Right now PIG's code must be ported to Yoann's recent additions on top of what Pierre and I wrote to get the Prelude easy bindings working. The merge with trunk will happen very soon, and then PIG will be improved.

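To show what a grapher like PIG does with the IDMEF alerts it receives from the Prelude Manager, here is an added illustration in plain Python that is not PIG's code: it parses IDMEF messages (RFC 4765 XML), aggregates them into weighted source-to-target edges and renders them as Graphviz DOT. It does not use the Prelude easy bindings, and the analyzer names, addresses and classifications in the sample alerts are constructed.

```python
"""Source->target alert graph from IDMEF messages (RFC 4765 XML).
Added illustration, not PIG's code; all sample alerts are constructed."""
from collections import Counter
import xml.etree.ElementTree as ET

NS = {"i": "http://iana.org/idmef"}

# Constructed IDMEF message in the shape an agent such as Snort or Prelude LML emits.
IDMEF_TEMPLATE = """<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
 <Alert messageid="{mid}">
  <Analyzer analyzerid="{aid}" name="{name}"/>
  <CreateTime ntpstamp="0xcc0e2a80.0x00000000">2008-05-08T15:46:00Z</CreateTime>
  <Source><Node><Address category="ipv4-addr"><address>{src}</address></Address></Node></Source>
  <Target><Node><Address category="ipv4-addr"><address>{dst}</address></Address></Node></Target>
  <Classification text="{cls}"/>
 </Alert>
</IDMEF-Message>"""

SAMPLE_ALERTS = [  # constructed: two identical Snort alerts and one Prelude LML alert
    IDMEF_TEMPLATE.format(mid=1, aid="snort-1", name="Snort", src="10.0.0.5", dst="10.0.0.20", cls="Port scan"),
    IDMEF_TEMPLATE.format(mid=2, aid="snort-1", name="Snort", src="10.0.0.5", dst="10.0.0.20", cls="Port scan"),
    IDMEF_TEMPLATE.format(mid=3, aid="lml-1", name="Prelude LML", src="10.0.0.5", dst="10.0.0.21", cls="SSH login failure"),
]

def parse_alert(xml_text):
    """Return (analyzer, source, target, classification) from one IDMEF message."""
    alert = ET.fromstring(xml_text).find("i:Alert", NS)
    def address(side):  # first Node/Address under Source or Target, if present
        node = alert.find(f"i:{side}/i:Node/i:Address/i:address", NS)
        return node.text if node is not None else "unknown"
    analyzer = alert.find("i:Analyzer", NS).get("name", "unknown")
    classification = alert.find("i:Classification", NS).get("text", "")
    return analyzer, address("Source"), address("Target"), classification

def build_graph(messages):
    """Aggregate alerts into weighted edges keyed by (source, target, classification)."""
    edges = Counter()
    for msg in messages:
        _, src, dst, cls = parse_alert(msg)
        edges[(src, dst, cls)] += 1
    return edges

def to_dot(edges):
    """Render the weighted graph in Graphviz DOT, one edge line per key."""
    lines = ["digraph idmef {"]
    for (src, dst, cls), count in sorted(edges.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{cls} (x{count})"];')
    lines.append("}")
    return "\n".join(lines)
```

Feeding `to_dot(build_graph(SAMPLE_ALERTS))` to `dot -Tpng` draws the same kind of attacker-to-victim picture PIG builds live from the manager's event stream.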