ACARM (software)

From Wikipedia, the free encyclopedia
ACARM
Original authors: Bartłomiej Balcerek, Bartosz Szurgot, Wojciech Waga, Marcin Wojtkiewicz
Developer: WCSS
Initial release: 2008.04.01
Final release: 0.1.0 / October 5, 2009 (2009-10-05)
Written in: Java
Operating system: cross-platform
Successor: ACARM-ng
Type: Intrusion-detection system
License: GPL
Website: http://www.acarm.wcss.wroc.pl (no longer available for download)

ACARM (Alert Correlation, Assessment and Reaction Module) is an open source intrusion detection system. It was developed as part of the POSITIF project between 2004 and 2007. It was written as a practical proof of concept, presented in the article.[1]

Filters architecture

The following image shows the chain-like architecture for filters, as used in the system.

[Image: Filters architecture]

Each alert enters each filter, stays there for a specified amount of time, and then proceeds further along the chain. The main issue with this approach is that an alert can be reported only after its processing is done, which in turn takes at least a few minutes.
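
The chain described above can be simulated to see where the reporting delay comes from. The following Python sketch is an added example, not ACARM's code: the filter labels, hold times, merge rule and sample alerts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Alert:
    name: str
    source: str
    created: float   # seconds since start, when the sensor raised it
    count: int = 1   # raw alerts merged into this one

@dataclass
class HoldFilter:
    """One link of the chain: holds each alert for `hold` seconds."""
    label: str       # hypothetical filter name
    hold: float
    held: list = field(default_factory=list)   # (release_time, alert) pairs

    def accept(self, alert, now):
        # Assumed correlation rule: merge into a held alert with the same key.
        for _, waiting in self.held:
            if (waiting.name, waiting.source) == (alert.name, alert.source):
                waiting.count += alert.count
                return
        self.held.append((now + self.hold, alert))

    def release(self, now):
        due = [a for t, a in self.held if t <= now]
        self.held = [(t, a) for t, a in self.held if t > now]
        return due

def run_chain(filters, alerts, step=1.0):
    """Return (alert, report_time) pairs in the order they leave the chain."""
    pending, reported, now = sorted(alerts, key=lambda a: a.created), [], 0.0
    while pending or any(f.held for f in filters):
        moving = [a for a in pending if a.created <= now]
        pending = [a for a in pending if a.created > now]
        for f in filters:               # an alert passes every filter in order
            for a in moving:
                f.accept(a, now)
            moving = f.release(now)     # only alerts whose hold expired move on
        reported += [(a, now) for a in moving]
        now += step
    return reported

def demo():
    # Constructed sample: two filters (1 min + 2 min) and three raw alerts.
    chain = [HoldFilter("dedup", 60), HoldFilter("correlate", 120)]
    alerts = [Alert("ssh-bruteforce", "10.0.0.5", 0), Alert("port-scan", "10.0.0.9", 10),
              Alert("ssh-bruteforce", "10.0.0.5", 30)]
    return [(a.name, a.count, t - a.created) for a, t in run_chain(chain, alerts)]
```

`demo()` returns each reported alert with its merge count and its delay from creation to report; the delay equals the sum of the hold times in the chain, however few alerts are in flight.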

Notes

The project is no longer maintained. It has been replaced by the new, plug-in-based ACARM-ng.
