GitHub - rlupu/libliteidmef: An IDMEF alerting library for distributed IDPS

rlupu / libliteidmef Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

An IDMEF alerting library for distributed IDPS

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
autom4te.cache		autom4te.cache
doc		doc
src		src
test		test
.gitattributes		.gitattributes
.gitignore		.gitignore
COPYRIGHT		COPYRIGHT
INSTALL		INSTALL
Makefile		Makefile
Makefile.am		Makefile.am
Makefile.in		Makefile.in
NEWS		NEWS
README		README
TODO		TODO
aclocal.m4		aclocal.m4
autoscan.log		autoscan.log
config.guess		config.guess
config.h		config.h
config.h.in		config.h.in
config.log		config.log
config.status		config.status
config.sub		config.sub
configure		configure
configure.ac		configure.ac
depcomp		depcomp
install-sh		install-sh
libtool		libtool
ltmain.sh		ltmain.sh
missing		missing
stamp-h1		stamp-h1

Repository files navigation

COPYRIGHT
=========
	See COPYRIGHT file for further information.


ABOUT
=====
	Libliteidmef library provides a standardized IDMEF-based notifications 
	management API that can guarrantee interoperability among commercial,
	open source and research systems. IDMEF(Intrusion Detection Message Exchange
	Format) define data formats and exchange procedures for sharing information
	of interest to intrusion detecion and response systems and to management
	systems that may need to interact with them [RFC 4765].
	
	The overall design goal was to provide support for IDMEF-based signaling 
	plane deployments for distributed IDS architectures. 

	Libliteidmef is built around the IDMEF message's context core concept, in 
	order to provide the required flexibility and extensibility. Each context 
	input and output could be configured in three modes: file (IDMEF_MODE_FILE), 
	remote generator/consumer(IDMEF_MODE_SOCK) or both of them (IDMEF_MODE_FS). 
	Whenever a new IDMEF notification is received a user-defined callback function 
	is run (see doc files for the API description and samples from test/
	subdirectory).

	NOTE, the current release of the library does not fully implement the standard
	specifications. More specifically, the tags list is incomplete, the IDMEF 
	messages are encoded using one octet UTF-8 (default) method and are wrapped 
	directly on TCP (no IDXP support[RFC 4767] available, yet).  

	A plugin-like model was chosen for the library's implementation. The code 
	was written in C language entirely and compiled with gcc. 

	The current standard does not integrate security mechanisms, therefore add 
	external security services (e.g. TLS/SSL, IPSec, SSH) for IDMEF messages' 
	exchanges protection if required. 

	 ...
 


(UN)INSTALLATION PROCEDURE
===========================
	See INSTALL file for package's dependencies, (un)installation and testing 
	instructions.


UTILISATION SAMPLE
==================
	Libliteidmef could be integrated into your project either as static or 
	shared library(default) in a traditional way. Linking against libliteidmef
	is as simple as:

		gcc <*.c> `pkg-config --libs libliteidmef-0.1` -o <program>

	
	Further info usefull in working with Libliteidmef, such as API's
	specification (including a diagram-based grammar definition), could be 
	searched for within doc/ subdirectory. Also, by understanding and running 
	samples located within test/ folder the developer could get a hint on how to
 	start coding with Libliteidmef library.


CONTACT
=======
Please submit bug reports or further improvements suggestions to: 
	email: [email protected]



CONTRIBUTORS
============
	Radu Lupu(November, 2015)
	...