what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 925 RSS Feed

Intrusion Detection Files

Falco 0.39.2
Posted Nov 21, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: A couple updates to cmake and one to ci.
tags | tool, intrusion detection
systems | unix
SHA-256 | 769d837b8a6c3e34330cb87bef813414005afc8b4418dc3b8c6df27b89942f6b
Zeek 6.0.9
Posted Nov 20, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: The input framework will no longer get stuck and use 100% of the CPU when encountering lines not immediately terminated by a new line. The Modbus analyzer added some additional protocol checks and should no longer over-match on traffic that's not specifically on port 502.
tags | tool, intrusion detection
systems | unix
SHA-256 | a942ce9cb6850374edbdb34a997b26985103b01a85203c8b289a843f3e49e1b6
Falco 0.39.1
Posted Oct 9, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: Allows null init_config for plugin info. Fixed parsing issues in -o key={object} when the object definition contains a comma. Fixed event set selection for plugin with parsing capability.
tags | tool, intrusion detection
systems | unix
SHA-256 | 028606182ccc2e835bfa8d0034cd1d8bb344380d5e29428c930c76406269f21a
Zeek 6.0.8
Posted Oct 4, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Adding to the POP3 hardening in 6.0.7, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic.
tags | tool, intrusion detection
systems | unix
SHA-256 | 39e6293f11ec9f7d38e08f2eb076a436f384c9bb45ce026f60a4154064f6c1e0
Suricata IDPE 7.0.7
Posted Oct 2, 2024
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 6 security fixes, 27 bug fixes, 2 optimizations, 2 features, 2 task, and 1 documentation updates.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2024-45795, CVE-2024-45796, CVE-2024-45797, CVE-2024-47187, CVE-2024-47188, CVE-2024-47522
SHA-256 | 26d0a36194d53080fc8b09b999b2b5a83c4049f40ad07ef6ae69c7225a728b86
Falco 0.39.0
Posted Oct 1, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 4 breaking changes, 9 major changes, 6 minor changes, 4 bug fixes, and 23 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 77cfde0e3fe797209e92e741f526d6000c97302a686dd0b4cfa3801b2df4b199
Zeek 6.0.7
Posted Sep 24, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: The POP3 parser has been hardened to avoid unbounded state growth in the face of one-sided traffic capture or when enabled for non-POP3 traffic.
tags | tool, intrusion detection
systems | unix
SHA-256 | 8c99e850b8cc489e1f1607ffd2c922cb3802cf9159bd23abcbb331499a9dd22c
Samhain File Integrity Checker 4.5.1
Posted Sep 8, 2024
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Added a fix for regression in SHELL option for log file monitoring.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 72c61517da00f6dbcb9097885932c15a69cf8f6f9225756cf257aeaac1159c7b
Zeek 6.0.6
Posted Sep 4, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: HTTP passwords with colon characters in them are now correctly logged.
tags | tool, intrusion detection
systems | unix
SHA-256 | 95438612672226776aef09c283564541b50a78dfaaf09308b2ac21ffea6adfe5
Falco 0.38.2
Posted Aug 19, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: The engine and ci both had a bug fix.
tags | tool, intrusion detection
systems | unix
SHA-256 | 3e4f5acf04cadd477a1dadac271aead459bb2df925a0aa16eae22897fa0602b4
Zeek 6.0.5
Posted Aug 2, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release addresses 4 issues. The Mozilla CA and Google CT lists were updated to their latest versions. Connection IDs now correctly propagate into files.log. A rare crash in CAF that happened when shutting down Zeek was resolved. Binary addresses passed to Zeekctl were previously assumed to be valid unicode, which was not always the case. Some additional checking was added to ensure that is the case and to provide better error messaging when it is not.
tags | tool, intrusion detection
systems | unix
SHA-256 | 17333748eb6ab56a11a7027eba925e82f58b2d38176ac24b6fa3354b41993fe3
Logwatch 7.11
Posted Jul 22, 2024
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Full changelog missing but this is a new release since the last release in January of 2024.
tags | tool, intrusion detection
systems | unix
SHA-256 | 5eb42d983a9667003368b572149fce788c0d7e13daaf1f28ad1bf3a140b865cf
Suricata IDPE 7.0.6
Posted Jun 27, 2024
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 4 security fixes, 23 bug fixes, 2 optimizations, 2 features, and 3 documentation updates.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2024-37151
SHA-256 | 21824f7ff12087c0c9b9de207199a75a9c31b03036688c7cb9c178f0a3b57f8d
Falco 0.38.1
Posted Jun 19, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 1 major change, 2 minor changes, and 3 bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 0e5cb8f527e3c55179a12ab312ee8955532d6d9ba88f100aa60afc50244e85da
Falco 0.38.0
Posted May 30, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 3 breaking changes, 14 major changes, 13 minor changes, 8 bug fixes, and 5 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 9e5759e0d9d047326efdff5085c60e099c504e9bdbb0c1540ffd77ceb2e82e91
Zeek 6.0.4
Posted May 17, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release addresses 6 bugs, including a crash with ICMP packets involving errant length checking.
tags | tool, intrusion detection
systems | unix
SHA-256 | 1a7d40d2749a90b914ae3be8df14c17de64c1921b8b272a93a54985aa1080396
AIDE 0.18.8
Posted May 9, 2024
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed concurrent reading of extended attributes (xattrs). Raises warning if both input databases are the same.
tags | tool, intrusion detection
systems | unix
SHA-256 | 16662dc632d17e2c5630b801752f97912a8e22697c065ebde175f1cc37b83a60
AIDE 0.18.7
Posted May 6, 2024
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Added missing library CFLAGS. Fixed 64-bit time_t on 32-bit architectures. Fixed typo in aide.conf manual page. Fixed debug logging for returned attributes. Fixed condition for error message of failing to open gzipped files.
tags | tool, intrusion detection
systems | unix
SHA-256 | 85251284ed91d0cc1131a08e97751823895a263e75de5c04c615326099500cc9
Suricata IDPE 7.0.5
Posted Apr 23, 2024
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 6 security fixes, 17 bug fixes, 1 optimization, 2 features, and 1 documentation updates.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2024-32663, CVE-2024-32664, CVE-2024-32867
SHA-256 | 1ffb568158f265c08554464bfb854e6568ef683bf03312923b51f28c50790a4e
Suricata IDPE 7.0.4
Posted Mar 20, 2024
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 4 security fixes, 22 bug fixes, 1 optimization, 1 feature, 2 tasks, and 1 documentation updates.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2024-28870, CVE-2024-28871
SHA-256 | 640060120024be70dbe81f6ec6efc72e46250fcb36219dff67e6417220ff21b7
Falco 0.37.1
Posted Feb 13, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 1 major change, 2 minor changes, 1 bug fix, and 3 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | f602bd025ff2997ecce1bd1f479592ab666276912d72212ab8d1fffd38ab8c94
Suricata IDPE 7.0.3
Posted Feb 8, 2024
Site suricata.io

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: 8 security fixes, 30 bug fixes, 6 features, 11 tasks, and 11 documentation updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | ea0742d7a98783f1af4a57661af6068bc2d850ac3eca04b3204d28ce165e35ff
Falco 0.37.0
Posted Jan 30, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 12 major changes, 14 minor changes, 5 bug fixes, and 12 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | b6f5c76af02ef16ffb7965f810a9af4815ad4f904b478eb7451dde7133f76dbf
Zeek 6.0.3
Posted Jan 24, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes 1 security bug and 6 non-security bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 227edf0e1e6b54dc9893cfd1ecd8621291cc85d1d06808874394aad555f8a8a4
Logwatch 7.10
Posted Jan 23, 2024
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Full changelog missing but this is a new release since the last release in July of 2023.
tags | tool, intrusion detection
systems | unix
SHA-256 | 329df0991b879764ed7e50a869de5b6bfa70d241eb254397a5659d1ff5f2588f
Page 1 of 37
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close