ProbeManager: Centralize Management of Intrusion Detection System

ProbeManager

It is common to see that many IDS (intrusion detection systems), including the software and its rules, are not updated regularly. This can be explained by the fact that software and rule management is often complicated, which can be a particular problem for small and medium-sized enterprises that normally lack system security expertise and full-time operators to supervise their respective IDS. This finding encouraged me to develop an application (ProbeManager) that will better manage network and machine detection probes on a system.

ProbeManager is an application that centralizes the management of intrusion detection systems. Its purpose is to simplify the deployment of detection probes and to bring all of their functionality together in a single place. It also lets you check the status of the probes and be notified whenever there is a problem or malfunction. It is not a SIEM (security information and event management), so it doesn't display the probe outputs (alerts, logs, etc.).

ProbeManager is currently compatible with the NIDS Suricata and Bro, and it will soon also be compatible with OSSEC.

Features

  • Search rules in all probes.
  • List installed probes and their status (running or not, uptime, …).
  • Install and update probes.
  • Start, stop, reload and restart probes.
  • Push and email notifications (change of status, …).
  • RESTful API.
  • See all asynchronous jobs.

Copyright (C) 2017 treussart

Source: https://github.com/treussart/
