IDEA

Java-based client-server architecture for processing network intrusion detection data

IDEA Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Ian Duffy
  • Operating Systems: Mac OS X
  • File Size: 2.2 MB

IDEA Description

The IDEA (Intrusion Detection Exchange Architecture) server receives XML alerts from Snort sensors and buffers them for further review by clients. The console provides a real-time view of IDS activity.

IDEA is an architecture for implementing a distributed intrusion detection system on a computer network. It provides a way to incorporate many different IDS sensors into one architecture and have them report to a central IDS server. This server collects, aggregates, and correlates data from the sensors, providing a unified view of network activity. Because the server exposes an open API, many different clients can connect to it and "subscribe" to its event notification service, so that a client is notified whenever a new alert arrives from any of the sensors. This type of architecture can greatly enhance a security administrator's situational awareness of network events, allowing faster response to malicious activity.

Currently, IDEA implements receiving, processing, and displaying alerts from the Snort IDS. Other IDS systems (both host- and network-based) are planned for inclusion in the IDEA architecture.
Here are some key features of IDEA.

Current features of the IDEA server include:

  • Administrator-definable alert buffer size (specify the number of alerts to hold)
  • Alert forwarding (allows creation of IDEA hierarchies)
  • Administrator-definable maximum number of users
  • Security access controls (specify which users and hosts can connect)
  • Java/CORBA based (allows connections from many different types of clients)
  • Keepalives (prevent dead or hung clients from denying access to other clients)
  • Secure authentication: MD5 challenge/response user authentication ensures that no password crosses the wire in the clear. Note that challenge/response alone does not stop an eavesdropper from guessing the password offline against a captured exchange, and it does not encrypt the alert traffic itself.

Current features of the Java client application are:

  • Alerts displayed in real time as they are received from sensors
  • Filtering/sorting capability shows you only the data you're concerned with
  • Colorization of alerts from user-specified IPs/networks improves awareness
  • Automated e-mail/pager notification of high-priority events (user definable)
  • Graphical/geospatial display of events in real time
  • Sensor management: store information about each sensor in your network
  • Database connectivity (currently MySQL, others planned): ability to query for alerts within a specified time range, alerts matching user-defined patterns, graphical display of the top 10 source and destination addresses and ports, most active sensors, number of alerts, and top 10 alert signatures
  • Standalone capability: can receive alerts directly from sensors rather than from the IDEA server
  • Rapid query of related alerts: instantly see whether the same source has hit your network before
  • Collaboration: the IDEA server provides the capability to "chat" with other security admins connected to the same IDEA server, so you can pool your efforts
  • Host info lookup: one-click whois and nslookup return information on suspicious traffic
  • Email alert summaries: rapidly send a summary of an alert to a collaborator
  • Sensor ignore list: allows division of labor so analysts only receive alerts from "their" sensors

Current features of the web client (servlet) are:

  • Quick, web-based summary of alerts in the IDEA server's cache
  • Ability to drill down and see alert information: network and transport layer information, sensor information, and quick summary information
  • ARIN-based web whois lookups for IP addresses
  • Snort.org-based port database lookups for TCP/UDP port reference information
  • Server statistics information
  • Links to several security-related sites
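The MD5 challenge/response login listed among the server features, shown as an added Python example with both sides of the exchange and the attack that "no password in the clear" does not prevent. This is illustration code written for this page, not IDEA's own implementation: the message layout (response = MD5(challenge || password)), the user name, the password and the wordlist are all assumptions constructed for the example, since the page does not document IDEA's wire format.

```python
# Added example of MD5 challenge/response authentication and an offline
# dictionary attack against a captured exchange. Not IDEA's code; the message
# layout and all credentials below are assumptions made for this example.
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Optional


def md5_response(challenge: bytes, password: str) -> str:
    """Client side: prove knowledge of the password without sending it."""
    return hashlib.md5(challenge + password.encode("utf-8")).hexdigest()


class AuthServer:
    """Server side of the exchange. Each challenge is random and single-use,
    so a sniffed response cannot simply be replayed."""

    def __init__(self, users: dict):
        # To recompute MD5(challenge || password) the server must hold a
        # password-equivalent secret; here it is the cleartext password.
        self.users = dict(users)
        self.pending = {}   # user -> outstanding challenge

    def start(self, user: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        challenge = self.pending.pop(user, None)   # consume: one try per challenge
        password = self.users.get(user)
        if challenge is None or password is None:
            return False
        expected = md5_response(challenge, password)
        return hmac.compare_digest(expected, response)


def offline_dictionary_attack(challenge: bytes, captured_response: str,
                              wordlist: list) -> Optional[str]:
    """Eavesdropper who captured one (challenge, response) pair. No further
    contact with the server is needed, so lockouts and rate limits never apply."""
    for candidate in wordlist:
        if md5_response(challenge, candidate) == captured_response:
            return candidate
    return None


def demo() -> dict:
    """Run the legitimate login, a replay, and the offline attack."""
    server = AuthServer({"analyst": "snort2003"})            # constructed credentials
    challenge = server.start("analyst")
    response = md5_response(challenge, "snort2003")           # what crosses the wire
    login_ok = server.verify("analyst", response)
    replay_ok = server.verify("analyst", response)            # same response again
    wordlist = ["password", "letmein", "snort2003"]           # constructed wordlist
    recovered = offline_dictionary_attack(challenge, response, wordlist)
    return {"login_ok": login_ok, "replay_ok": replay_ok, "recovered": recovered}


if __name__ == "__main__":
    print(demo())
```

The single-use challenge defeats replay, which is the guarantee the feature list actually makes. It does not defeat an eavesdropper, who can test candidate passwords against the captured pair at local hashing speed, and it gives the client no assurance of which server it is talking to. Closing those gaps takes a different design, for example running the exchange inside an authenticated TLS session or using a PAKE such as SRP, together with a salted, slow password hash on the server instead of the cleartext password.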

