pghook / Altprobe

Altprobe - IDS events collector

Home Page: http://alertflex.org


Altprobe

Altprobe is a component of the Alertflex project. In SIEM/Log Management terms it acts as a collector: based on its filtering policies, it extracts high-priority events from the data flows generated by IDS sensors, then aggregates and normalizes them. This simplifies alert and incident management and reduces the noise from minor events.

Screenshots

Altprobe allows integrating Wazuh Host IDS (an OSSEC fork) and Suricata Network IDS with the Graylog log management platform. Below is a screenshot of Graylog dashboards showing events that were transmitted from the IDS sensors via Altprobe.
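To make the collector pipeline described above concrete (filter by priority, normalize, aggregate, hand off to Graylog), here is an added Python example. It is not Altprobe's code and does not use its policy format; the priority scale, field mapping, and Wazuh level thresholds are this example's own choices. The input lines are constructed to look like Suricata EVE JSON alerts and Wazuh JSON alerts, not captured from real sensors. Output is built as GELF 1.1 messages, the input format Graylog accepts, with custom fields carrying the leading underscore the GELF spec requires.

```python
"""Toy IDS collector: filter, normalize and aggregate Suricata EVE and Wazuh
alerts into GELF messages for Graylog. Example code, not Altprobe's own."""
import json
from collections import OrderedDict
from datetime import datetime

# Constructed sample input (not captured from a real sensor). Two repeats of
# one Suricata alert, one lower-severity Suricata alert, one non-alert EVE
# record, one high-level Wazuh alert and one low-level Wazuh alert.
SURICATA_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":4444,"dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":4445,"dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":5555,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.9"}',
]
WAZUH_ALERT_LINES = [
    '{"timestamp":"2024-01-01T10:00:04.000+0000","rule":{"level":10,"description":"sshd: brute force trying to get access to the system.","id":"5712"},"agent":{"name":"web01","ip":"10.0.0.9"},"data":{"srcip":"10.0.0.5"}}',
    '{"timestamp":"2024-01-01T10:00:05.000+0000","rule":{"level":3,"description":"sshd: authentication success.","id":"5715"},"agent":{"name":"web01","ip":"10.0.0.9"},"data":{"srcip":"10.0.0.6"}}',
]

TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # %f accepts 3 or 6 digits, %z accepts "+0000"


def parse_ts(value):
    return datetime.strptime(value, TS_FMT).timestamp()


def wazuh_priority(level):
    """Map a Wazuh rule level (0-15, higher is worse) onto the 1-4 scale used
    here, where 1 is most urgent. Thresholds are this example's assumption."""
    if level >= 12:
        return 1
    if level >= 7:
        return 2
    return 3 if level >= 4 else 4


def normalize_suricata(line):
    """Normalize a Suricata EVE alert; return None for other event types."""
    rec = json.loads(line)
    if rec.get("event_type") != "alert":
        return None
    alert = rec["alert"]
    return {"source": "suricata", "ts": parse_ts(rec["timestamp"]),
            "priority": int(alert["severity"]),  # Suricata: 1 = highest
            "signature_id": str(alert["signature_id"]), "signature": alert["signature"],
            "src_ip": rec.get("src_ip"), "dest_ip": rec.get("dest_ip"), "host": rec.get("dest_ip")}


def normalize_wazuh(line):
    """Normalize a Wazuh JSON alert into the same common schema."""
    rec = json.loads(line)
    rule, agent = rec["rule"], rec.get("agent", {})
    return {"source": "wazuh", "ts": parse_ts(rec["timestamp"]),
            "priority": wazuh_priority(int(rule["level"])),
            "signature_id": str(rule["id"]), "signature": rule["description"],
            "src_ip": rec.get("data", {}).get("srcip"), "dest_ip": agent.get("ip"), "host": agent.get("name")}


def apply_policy(events, max_priority):
    """Filtering policy: keep events whose priority number is at or below the threshold."""
    return [e for e in events if e["priority"] <= max_priority]


def aggregate(events):
    """Collapse repeats of one signature between the same endpoints into one record with a count."""
    groups = OrderedDict()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["source"], e["signature_id"], e["src_ip"], e["dest_ip"])
        g = groups.setdefault(key, dict(e, count=0, first_seen=e["ts"], last_seen=e["ts"]))
        g["count"] += 1
        g["last_seen"] = max(g["last_seen"], e["ts"])
    return list(groups.values())


GELF_LEVEL = {1: 2, 2: 4, 3: 5, 4: 6}  # priority -> syslog severity (example's own mapping)


def to_gelf(agg):
    """Build a GELF 1.1 message; custom fields need a leading underscore."""
    return {"version": "1.1", "host": agg["host"], "short_message": agg["signature"],
            "timestamp": agg["first_seen"], "level": GELF_LEVEL[agg["priority"]],
            "_source": agg["source"], "_signature_id": agg["signature_id"],
            "_src_ip": agg["src_ip"], "_dest_ip": agg["dest_ip"],
            "_count": agg["count"], "_last_seen": agg["last_seen"]}


def collect(suricata_lines, wazuh_lines, max_priority=2):
    """Full pipeline: normalize both sources, apply the policy, aggregate, emit GELF."""
    events = [e for e in map(normalize_suricata, suricata_lines) if e]
    events += [normalize_wazuh(line) for line in wazuh_lines]
    return [to_gelf(a) for a in aggregate(apply_policy(events, max_priority))]


if __name__ == "__main__":
    for msg in collect(SURICATA_EVE_LINES, WAZUH_ALERT_LINES):
        print(json.dumps(msg))
```

With the default threshold of 2, the six input lines collapse to two GELF messages: the repeated SSH-scan signature becomes a single record with a count of 2, the Wazuh brute-force alert passes through, and the lower-priority and non-alert records are dropped. Raising the threshold to 4 lets everything through (four aggregates), which is the knob a policy like this exposes for trading noise against coverage.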

Old version of Altprobe

The previous version of Altprobe (a single package with Ntop nProbe support) is available in the old_version branch.

About

License:GNU General Public License v3.0


Languages

C++ 83.8%, Makefile 10.0%, Shell 4.0%, C 2.1%