Other articles

  1. Creating a live cd for open source SIEM Prelude and Suricata

    I have started to work on a Live CD for open source tools such as the Prelude SIEM, together with sensors like Suricata, Snort and OpenVAS that send it alerts. The goal is to make it easy to test these tools: register new agents, generate some alerts, correlate them, and so on. I also want to add some visualization tools, so this CD could perhaps become a reference for security alert detection and reporting.

    "Prewikka"

    First, a few points on applications used:

    • Debian Live for building the CD. It’s very easy, it’s based on Debian, and it allows me to re-use some work I’ve done
    • Suricata IDS, which is a very promising project
    • Snort IDS, with the free signatures
    • OpenVAS to be able to generate alerts
    • Prelude SIEM is the key point: Suricata, Snort, syslog, etc. will send alerts to Prelude, which provides a database, a correlator, a web interface (Prewikka), etc.
    • Standard useful tools: nmap, scapy, wireshark, p0f, etc.

    This first version is based on Debian Lenny on the x86 architecture. Everything is built from packages (.debs) to make it easier to maintain, upgrade versions or add patches: most of the time, I just have to rebuild packages from squeeze or sid.

    The build …

