pkgsrc

Author SHA1 Message Date

Author	SHA1	Message	Date
adrianp	a52ad051fc	Update to BASE 1.2.4 > Changes: > - Fixed issue with PostGRES and schema in base_db.inc.php -- Kevin J and Nikns > - Fixed bug 1284695 Error in SQL with PostgreSQL -- Kevin J and Nikns > - Fixed issues displaying PortScans -- Nikns > - Fixed sig_class (bug 1407325) and sig_priority filter bug -- Nikns and Max Valdez (garaged) > - Fixed bug 1408387 Archive move and Email summary issues -- Nikns > - Fixed bug when, after setup, archive database wasn't used -- Nikns > - Fixed PostgreSQL archive database support -- Nikns > - Fixed bug 1313261 Unable to use actions in base_stat_sensor.php -- Nikns > - Fixed bug 1371532 First of month timestamp issue -- Nikns > - Fixed bug 1406945 Lost alert order when switching between payload display -- Nikns > - Fixed bug `1413712` base_conf.php file path issue under MS Windows -- garaged > - Fixed search by signature name -- Nikns > - Converted sql/create_base_tbls_mssql_extra.sql to CRLF line terminators -- Nikns > - Fixed broken auth system for MSSQL -- Nikns > - Changed MSSQL schema for table acid_event, sig_name now has type VARCHAR instead of TEXT -- Nikns > - Fixed bug 1307250 broken base_stat_alerts.php with MSSQL -- Nikns > - Fixed bug 1413594 Force to use alert database for auth system stuff -- Nikns > - Setup fix, on error form values are remembered, default language is English -- garaged > - Uppercased name 'Archive' in base_main.php (in sync with base_hdr1.php) -- Nikns > - Fixed support for actions in base_stat_class.php -- Nikns > - Fixed bug 1418660 Broken search by IP criteria -- Nikns > - Added checkboxes and fixed support for actions in base_stat_iplink.php -- Nikns > - Implemented RFE 1123382 support for actions in base_stat_uaddr.php -- Nikns > - Implemented support for actions in base_stat_ports.php -- Nikns > - Fixed bug 1422575 when empty email sent even if action unsuccessful -- Nikns > - Fixed bug 1424033 Unable to Graph Alert Detection Time -- Nikns > - Fixed bug 1426089 Score removed from email address -- Nikns > - Fixed bug 1210542 and 1288402 Packet display mode issues -- Nikns > - Detect archiving duplicates with select queries instead of catching db conflict error -- Nikns > - Fixed bug 1430686 Update alert cache for archived alert right after it is coppied to archive db -- Nikns > - Implemented archiving support for schema 107 -- Nikns > - Added sig_gid (signature generator id) to snort signature reference url for schema 107 -- Nikns > - session_start() on base_conf.php avoiding repetition, easier to handle with debug output -- garaged > - debug_mode needs to be off on login (index.php:45 ) -- garaged > - Fixed bug 1275536 Unable to download binary payload in Internet Explorer when using SSL -- Nikns > - Implemented archiving support for FLoP extended database schema -- Nikns > - Implemented rebuild of packet in pcap format for FLoP extended database -- Nikns > - Added display of MAC addresses in base_query_alert.php for FLoP extended database -- Nikns > - Fixed BASE authentication bypass in standalone mode for base_maintenance.php -- Nikns > - Added HTTP response codes on authentication failure in base_maintenance.php for standalone mode -- Nikns > - Fixed bug 1341286 Show IP header length in bytes, not words -- Juergen Leising > - In plain display mode several sequential non-ASCII payload characters join together displaying their count -- Nikns > - Changed input type of the password field in useradmin -- Kevin Johnson	2006-05-12 22:31:38 +00:00
adrianp	00ae2c0b89	The Basic Analysis and Security Engine (BASE) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include: o Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags). o Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts o Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases. o Chart and statistic generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification	2006-01-03 21:09:44 +00:00

adrianp

a52ad051fc

Update to BASE 1.2.4

> Changes:
>     - Fixed issue with PostGRES and schema in base_db.inc.php -- Kevin J and Nikns
>     - Fixed bug 1284695 Error in SQL with PostgreSQL -- Kevin J and Nikns
>     - Fixed issues displaying PortScans -- Nikns
>     - Fixed sig_class (bug 1407325) and sig_priority filter bug -- Nikns and Max Valdez (garaged)
>     - Fixed bug 1408387 Archive move and Email summary issues -- Nikns
>     - Fixed bug when, after setup, archive database wasn't used -- Nikns
>     - Fixed PostgreSQL archive database support -- Nikns
>     - Fixed bug 1313261 Unable to use actions in base_stat_sensor.php -- Nikns
>     - Fixed bug 1371532 First of month timestamp issue -- Nikns
>     - Fixed bug 1406945 Lost alert order when switching between payload display -- Nikns
>     - Fixed bug 1413712 base_conf.php file path issue under MS Windows -- garaged
>     - Fixed search by signature name -- Nikns
>     - Converted sql/create_base_tbls_mssql_extra.sql to CRLF line terminators -- Nikns
>     - Fixed broken auth system for MSSQL -- Nikns
>     - Changed MSSQL schema for table acid_event, sig_name now has type VARCHAR instead of TEXT -- Nikns
>     - Fixed bug 1307250 broken base_stat_alerts.php with MSSQL -- Nikns
>     - Fixed bug 1413594 Force to use alert database for auth system stuff -- Nikns
>     - Setup fix, on error form values are remembered, default language is English -- garaged
>     - Uppercased name 'Archive' in base_main.php (in sync with base_hdr1.php) -- Nikns
>     - Fixed support for actions in base_stat_class.php -- Nikns
>     - Fixed bug 1418660 Broken search by IP criteria -- Nikns
>     - Added checkboxes and fixed support for actions in base_stat_iplink.php -- Nikns
>     - Implemented RFE 1123382 support for actions in base_stat_uaddr.php -- Nikns
>     - Implemented support for actions in base_stat_ports.php -- Nikns
>     - Fixed bug 1422575 when empty email sent even if action unsuccessful -- Nikns
>     - Fixed bug 1424033 Unable to Graph Alert Detection Time -- Nikns
>     - Fixed bug 1426089 Score removed from email address -- Nikns
>     - Fixed bug 1210542 and 1288402 Packet display mode issues -- Nikns
>     - Detect archiving duplicates with select queries instead of catching db conflict error -- Nikns
>     - Fixed bug 1430686 Update alert cache for archived alert right after it is coppied to archive db -- Nikns
>     - Implemented archiving support for schema 107 -- Nikns
>     - Added sig_gid (signature generator id) to snort signature reference url for schema 107 -- Nikns
>     - session_start() on base_conf.php avoiding repetition, easier to handle with debug output -- garaged
>     - debug_mode needs to be off on login (index.php:45 ) -- garaged
>     - Fixed bug 1275536 Unable to download binary payload in Internet Explorer when using SSL -- Nikns
>     - Implemented archiving support for FLoP extended database schema -- Nikns
>     - Implemented rebuild of packet in pcap format for FLoP extended database -- Nikns
>     - Added display of MAC addresses in base_query_alert.php for FLoP extended database -- Nikns
>     - Fixed BASE authentication bypass in standalone mode for base_maintenance.php -- Nikns
>     - Added HTTP response codes on authentication failure in base_maintenance.php for standalone mode -- Nikns
>     - Fixed bug 1341286 Show IP header length in bytes, not words -- Juergen Leising
>     - In plain display mode several sequential non-ASCII payload characters join together displaying their count -- Nikns
>     - Changed input type of the password field in useradmin -- Kevin Johnson

2006-05-12 22:31:38 +00:00

adrianp

00ae2c0b89

The Basic Analysis and Security Engine (BASE) is a PHP-based analysis

engine to search and process a database of security events generated by
various IDSes, firewalls, and network monitoring tools.  The features currently
include:

o Query-builder and search interface for finding alerts matching
  on alert meta information (e.g. signature, detection time) as well as
  the underlying network evidence (e.g. source/destination address, ports,
  payload, or flags).

o Packet viewer (decoder) will graphically display the layer-3 and
  layer-4 packet information of logged alerts

o Alert management by providing constructs to logically group alerts
  to create incidents (alert groups), deleting the handled alerts or
  false positives, exporting to email for collaboration, or archiving of
  alerts to transfer them between alert databases.

o Chart and statistic generation based on time, sensor, signature, protocol,
  IP address, TCP/UDP ports, or classification

2006-01-03 21:09:44 +00:00

2 commits