IDEA is an architecture for implementing a distributed intrusion detection system on a computer network. It provides a way to incorporate many different IDS sensors into an architecture, and have them report to a central IDS server. This server collects, aggregates, and correlates data from the sensors, providing a unified view of network activity. By specifying an open API, many different clients can connect to the IDEA server and "subscribe" to the event notification service so that the client will be notified any time a new alert is received from any of the sensors.
| Tags | Networking Monitoring Internet Log Analysis Security Information Management Issue Tracking |
|---|---|
| Licenses | GPL |
| Operating Systems | OS Independent |
| Implementation | Java |
Recent releases


Changes: Secure authentication from console to server was implemented via MD5 challenge/response. Interfaces to improve modularity were implemented. The Web application functionality was enhanced with links to CVE, BugTraq, and other information sources. IDEA now works with Snort 2.0. Minor bugfixes were made.


Changes: Numerous internal changes, bugfixes, and code cleanups. The code was modularized so that it should be much easier to write modules that work with the console and server. New observer interfaces were added for the AlertList, HotIPList, and SensorList (any Java class that implements the interface receives notifications when changes are made to the lists). Initial IDEA server user-auth code was added, much of the database code was fixed to make it more modular, and the code for the menu bar was segregated from the code for the console.


Changes: Minor bugfixes and user enhancements, support for PostgreSQL databases, ease-of-use enhancements to the Web application, and security enhancements to the server.


No changes have been submitted for this release.