A quick 3.0 update
Written by Scott Shinn
Wednesday, 23 February 2011 16:08
If you follow the forums you've probably already seen these screenshots of ASL 3.0. I figured a repost on the website wouldn't hurt for any newcomers curious about some of the things in store for 3.0:
File Integrity Checks
Starting with file checks, this is a major update to visualizing changes on the file system. File integrity checking is probably one of the less used features in ASL, so the first thing we added is the ability to look at all the file changes in a tree view by date. This poses interesting possibilities for an analyst: clicking on a file brings up its RPM information and change date. In addition (not shown in this shot), this system will allow you to maintain copies of those files on the ASL central server and send diffs of those changes to the designated contact. You can now also set notifications on a per-directory level.
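To make the workflow concrete, here is an added example (my own sketch, not ASL code) of the three pieces the paragraph describes: a hash-and-mtime snapshot of a directory tree, a diff between two snapshots, the changes grouped into a by-date tree, and a per-directory notification policy where the longest matching directory prefix wins. The sample files, their timestamps and the policy table are constructed for the demo; the real product's storage format and policy semantics are not assumed.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path
def snapshot(root):
    """Map each regular file under root (relative POSIX path) to (sha256, mtime)."""
    return {p.relative_to(root).as_posix(): (hashlib.sha256(p.read_bytes()).hexdigest(), int(p.stat().st_mtime))
            for p in Path(root).rglob("*") if p.is_file()}

def diff_snapshots(before, after):
    """Return (relpath, kind, mtime) for every file added, removed or modified."""
    changes = []
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            changes.append((rel, "added", after[rel][1]))
        elif rel not in after:
            changes.append((rel, "removed", before[rel][1]))
        elif before[rel][0] != after[rel][0]:
            changes.append((rel, "modified", after[rel][1]))
    return changes

def tree_by_date(changes):
    """Group changes by UTC date, then by top-level directory (the tree view)."""
    tree = {}
    for rel, kind, mtime in changes:
        day = datetime.fromtimestamp(mtime, timezone.utc).strftime("%Y-%m-%d")
        tree.setdefault(day, {}).setdefault(rel.split("/")[0], []).append((rel, kind))
    return tree

def should_notify(rel, policy):
    """Per-directory notification policy: the longest matching prefix wins, default True."""
    hits = [p for p in policy if rel.startswith(p.rstrip("/") + "/")]
    return policy[max(hits, key=len)] if hits else True

def demo():
    """Constructed sample: a config edited on day 2 and a log file added dated day 1."""
    day1, day2 = (int(datetime(2011, 2, d, tzinfo=timezone.utc).timestamp()) for d in (22, 23))
    def write(path, text, mtime):  # create the file and pin its mtime
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
        os.utime(path, (mtime, mtime))
    with tempfile.TemporaryDirectory() as root:
        write(Path(root, "etc/httpd.conf"), "Listen 80\n", day1)
        before = snapshot(root)
        write(Path(root, "etc/httpd.conf"), "Listen 8080\n", day2)
        write(Path(root, "var/log/messages"), "boot\n", day1)
        changes = diff_snapshots(before, snapshot(root))
    policy = {"var/log": False, "etc": True}  # assumed per-directory notification settings
    return tree_by_date(changes), [c[0] for c in changes if should_notify(c[0], policy)]
```

Running demo() groups the edited config under 2011-02-23 and the new log under 2011-02-22, and only the config change is flagged for notification because var/log is muted by the policy.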
Another major change in this update is the ability to manage and configure rules in a much more interactive manner. This shot shows all the HIDS rules on the system, broken out by category. Using this interface you can manage the Active Response state, email, alert level and logging for each rule. This opens ASL up to some interesting options, like "Ignore" on an alert: the alert will still block/shun an attacker, but will neither email nor log... or maybe just not email... or just not log. Up to you!
Firewall / Connection Manager
This one shows the active connections on the system, plus a general overview of the main interface. You might also notice some usability changes here: reload and maximize buttons are now featured in all windows.
And of course this is available from the asl-2.0-testing repo right now. If you have a system you'd like to try this out on you can upgrade to the 3.0 preview with:
yum --enablerepo=asl-2.0-testing upgrade asl asl-web
Just keep in mind this is incomplete code at this time, and not recommended for production environments.