SFClean and SecurityFocus IDB

In association with SecurityFocus, we are participating as a beta tester of the SecurityFocus Incident Database (IDB) project using the SFClean software.

IDB

The IDB (Incident Database) is a free system designed to allow IDS operators to track and respond to incidents reported by their IDSs.

The User End of this system is designed for administrators who operate ID Systems. It is a web-based interface accessible over SSL. It provides for tracking IDS reported events, detailed statistics about their networks, automated notification of intrusion attempts, automated response to the administrator of the offending network, and contact with other administrators who have been attacked by the same offender.

The Offender End of this system is designed for administrators who control networks which have been co-opted by the bad guys. It is a web-based interface accessible over SSL. It provides for tracking of complaints, detailed statistics about their networks in terms of how they are being used to launch attacks, and contact with administrators who have been attacked as a result of misuse of their networks.

SFClean

SFClean is a utility which integrates into your IDS as a client piece. It massages your logs and then sends them over SSL to the IDB site. SFClean performs the following duties:

SFClean is provided with full source under a GNU license so people can modify it if they wish.


gurneyh AT ix DOT netcom DOT com

Last modified: Sat Oct 30 23:22:33 PDT 2004