I know that some of you use IDS Center. Come to think of it, someone asked about its compatibility with Snort 1.9 and 2.0 before - just can't remember who. Anywho, this should be good news to some of you.

I'm glad to announce the release of IDScenter 1.1 RC3 and the new website http://www.engagesecurity.com. Note that www.packx.net is not updated anymore.

Product page: http://www.engagesecurity.com/products/idscenter
Download: http://www.engagesecurity.com/downloads

Description: IDScenter is a front-end for Snort intrusion detection
systems (www.snort.org)

Platform: Windows 9x/Me/NT/2K/XP
Version: 1.1 RC3

Author: U. Kistler


* Snort 2.0, 1.9, 1.8 and 1.7 support
  o easy access to all settings
  o Interface listing using WinPCAP
  o inline configuration support (options in configuration file
    instead of command-line parameters, if available)
* Snort service mode support
  o IDScenter takes over control of the Snort service
* Snort configuration wizard
  o Variables
  o Preprocessor plugins
  o Output plugins (Syslog output plugin configuration for Snort 2.x
    and Snort 1.9.x supported!)
  o Rulesets
* Online updates of IDS rules: IDScenter integrates an HTTP client
  and starts an update script on demand
  o Full configuration frontend for Andreas Östling's Oinkmaster perl
  o custom interval for update checks
* Ruleset editor: supports all Snort 2.0 rule options
  o Easily modify your rules
  o Sort rules based on source IP, port, etc.
  o Import rules from files or websites into existing rulesets
* HTML report from SQL backend
  o IDScenter can generate HTML output from your SQL database
  o Custom HTML template
  o Decoding of TCP Flags and more, Hex/Base 64 payload decoding,
    multi-threaded DNS resolving possibility
* Alert notification via e-mail, alarm sound or only visual notification
  o Threaded e-mail sending with custom send interval
  o SQL queries can be included in an AlertMail message, which are
    processed on demand (see above)
  o Possibility to send the last # lines of your Snort log
  o Notification of attack is also possible with Snort logging to MySQL
  o Add attachments (e.g. the current process list generated by
    another program)
* AutoBlock plugins: write your own plugins (DLL) for your firewall
  o ISS NetworkICE BlackICE Defender plugin included (possibility to
    block IPs, TCP and UDP ports, ICMP packets, set block duration)
  o Delphi framework included for fast writing new plugins for other
  o Test configuration feature: fast testing of your IDS
    configuration (Snort rule syntax checking etc.)
* Monitoring:
  o Alert file monitoring (up to 10 files)
  o MySQL alert detection: allows centralized monitoring of all
    Snort sensors
* Log rotation (compressed archiving of log files)
  o Backup your logfiles automatically, set log rotation period
    (day, week, month, interval)
* Global event logging
  o Log events such as AlertMail sending, Log rotation, Online updates,
* Integrated log viewer
  o Log file viewer
  o XML log file viewer
  o HTML/website viewer (support for ACID, SnortSnarf, HTML output
    generated using IDScenter's report template page etc.)
  o CVE search and WHOIS lookups
* Program execution possible if an attack was detected


* Snort 2.x (recommended)
* WinPCAP 2.3 or higher

Ueli Kistler

