A quick 3.0 update
Written by Scott Shinn   
Wednesday, 23 February 2011 16:08

If you follow the forums, you've probably already seen these screenshots of ASL 3.0. I figured a repost on the website wouldn't hurt for any newcomers curious about some of the things in store for 3.0:

 

File Integrity Checks

Starting with file checks, this is a major update to how changes on the file system are visualized. This is probably one of the less used features in ASL. We first added the ability to look at all the file changes in a tree view by date. This opens up interesting possibilities for an analyst: clicking on a file will bring up its RPM information and change date. In addition (not shown in this shot), this system will allow you to maintain copies of those files on the ASL central server and send diffs of those changes to the designated contact. You can now also set notifications at a per-directory level.

http://www.atomicrocketturtle.com/asl3-file-integrity.png

 

Rule Manager

Another major change in this update is the ability to manage and configure rules in a much more interactive manner. This shot shows all the HIDS rules on the system, broken out by category. Using this interface you can manage the Active Response state, email, alert level, and logging. This opens ASL up to some interesting options, like "Ignore" on alert (this is an alert that will still block/shun an attacker, but will neither email nor log... or maybe just not email... or just not log. Up to you!).

http://www.atomicrocketturtle.com/asl3-rulemanager.png

 

Firewall / Connection Manager

This one shows the active connections on the system, plus a general overview of the main interface. You might also notice some usability changes here: we have reload as well as maximize buttons featured in all windows.

http://www.atomicrocketturtle.com/asl3-main.png

 

And of course this is available from the asl-2.0-testing repo right now. If you have a system you'd like to try this out on, you can upgrade to the 3.0 preview with:

 

yum --enablerepo=asl-2.0-testing upgrade asl asl-web

 

Just keep in mind this is incomplete code at this time, and not recommended for production environments.

 
