Thursday, October 07, 2004

Three Developments in Snort Community

Three noteworthy events have occurred in the Snort community during the last few weeks. First, Kevin Johnson has forked the ACID (Analysis Console for Intrusion Databases) project due to lack of formal releases by Roman Danyliw. Kevin announced his new Basic Analysis and Security Engine (BASE) project last month. I don't think ACID provides the information needed to collect, analyze, and escalate indications and warning to detect and respond to intrusions. For that, check out Sguil. The fork is good news for the people who use ACID and expect updates. From a community perspective, this BASE fork is a positive development allowed only by the open source nature of ACID. Trying forking a proprietary product!

Second, as discovered by Keith McCammon, another moribund project has been resurrected. Simon Biles has revived the Statistical Packet Anomaly Detection Engine (SPADE) project. SPADE is a plug-in for Snort. It appears in the Snort CVS tree as Spade-092200.1.tar.gz, although Spade-030125.1.tar.gz is the latest (as I reported in June.) It would be helpful to see SPADE work with the newest Snort releases.

Finally, the Bleeding Snort site has been relaunched as a security portal for Snort and Snort rule development. It has commercial sponsors, forums, and news. Bleeding Snort is best known as a central repository for new rules developed outside the official Snort and Sourcefire development community.

No comments: