Altprobe - IDS events collector

Altprobe

Altprobe is a component of the Alertflex project. In SIEM/Log Management terminology it functions as a collector: based on filtering policies, Altprobe extracts high-priority events from the streams of data generated by IDS sensors and then aggregates and normalizes them. This simplifies alert and incident management and reduces the noise produced by minor events.
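To make the collector pipeline concrete (parse IDS output, drop events that the filtering policy rejects, normalize what remains into one record format, fold repeated hits into a single aggregated record), here is a small illustrative collector written for this page. It is not Altprobe's code and does not reflect its internal design or configuration format. It reads the two event formats the project integrates, Suricata EVE JSON (`event_type`, `alert.severity`, `alert.signature_id`) and Wazuh `alerts.json` (`rule.level`, `rule.id`, `agent.name`); the sample lines are constructed, and the policy thresholds (Suricata severity 1 or 2, Wazuh level 7 and above) are assumptions chosen for the example.

```python
"""Toy IDS-event collector: normalize, filter by policy, aggregate repeats.

Added illustration for this page, not part of Altprobe. Field names follow
Suricata EVE JSON and Wazuh alerts.json; the sample records are constructed.
"""
import json

# Constructed sample input: three Suricata alerts (two of them identical), one
# Suricata flow record that is not an alert, and two Wazuh alerts.
SAMPLE_LINES = [
    '{"timestamp":"2023-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    '{"timestamp":"2023-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    '{"timestamp":"2023-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","alert":{"signature_id":2210000,"signature":"SURICATA STREAM Packet with broken ack","severity":3}}',
    '{"timestamp":"2023-05-01T10:00:04.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.9"}',
    '{"timestamp":"2023-05-01T10:00:05.000+0000","rule":{"level":10,"id":"5712","description":"sshd: brute force trying to get access to the system."},"agent":{"name":"web01"},"data":{"srcip":"10.0.0.5"}}',
    '{"timestamp":"2023-05-01T10:00:06.000+0000","rule":{"level":3,"id":"5501","description":"PAM: Login session opened."},"agent":{"name":"web01"}}',
]

# Assumed filtering policy: Suricata severity 1 is the most severe, so keep
# severity <= 2; Wazuh levels run 0-15 with higher being worse, so keep >= 7.
POLICY = {"suricata_max_severity": 2, "wazuh_min_level": 7}


def priority_from_suricata(severity):
    """Map Suricata severity (1 high, 2 medium, 3+ low) to a common scale."""
    return {1: "high", 2: "medium"}.get(severity, "low")


def priority_from_wazuh(level):
    """Map Wazuh rule level (0-15) to the same common scale (thresholds assumed)."""
    if level >= 12:
        return "high"
    if level >= 7:
        return "medium"
    return "low"


def normalize(line):
    """Parse one JSON line from either IDS into a common record.

    Returns None for records that are not alerts, e.g. a Suricata 'flow' event.
    """
    rec = json.loads(line)
    if rec.get("event_type") == "alert" and "alert" in rec:
        a = rec["alert"]
        return {
            "source": "suricata",
            "timestamp": rec["timestamp"],
            "rule_id": str(a["signature_id"]),
            "description": a["signature"],
            "raw_severity": a["severity"],
            "priority": priority_from_suricata(a["severity"]),
            "src": rec.get("src_ip", "-"),
            "dst": rec.get("dest_ip", "-"),
        }
    if "rule" in rec and "level" in rec["rule"]:
        r = rec["rule"]
        return {
            "source": "wazuh",
            "timestamp": rec["timestamp"],
            "rule_id": str(r["id"]),
            "description": r["description"],
            "raw_severity": r["level"],
            "priority": priority_from_wazuh(r["level"]),
            "src": rec.get("data", {}).get("srcip", "-"),
            "dst": rec.get("agent", {}).get("name", "-"),
        }
    return None


def passes_policy(event, policy=POLICY):
    """Apply the per-source threshold from the policy to a normalized event."""
    if event["source"] == "suricata":
        return event["raw_severity"] <= policy["suricata_max_severity"]
    if event["source"] == "wazuh":
        return event["raw_severity"] >= policy["wazuh_min_level"]
    return False


def collect(lines, policy=POLICY):
    """Normalize every line, drop what the policy rejects, and fold repeats of
    the same (source, rule, src, dst) into one record carrying a hit count
    and first/last seen timestamps. Output order is first-seen order."""
    agg = {}
    for line in lines:
        ev = normalize(line)
        if ev is None or not passes_policy(ev, policy):
            continue
        key = (ev["source"], ev["rule_id"], ev["src"], ev["dst"])
        if key in agg:
            agg[key]["count"] += 1
            agg[key]["last_seen"] = ev["timestamp"]
        else:
            agg[key] = {**ev, "count": 1,
                        "first_seen": ev["timestamp"], "last_seen": ev["timestamp"]}
    return list(agg.values())


if __name__ == "__main__":
    # Six input lines collapse to two aggregated, policy-passing records.
    for ev in collect(SAMPLE_LINES):
        print(f'{ev["source"]:8} {ev["priority"]:6} x{ev["count"]} '
              f'{ev["rule_id"]} {ev["description"]}')
```

The aggregation key deliberately includes source and destination so that the same signature firing against different hosts is not merged into one record; a real collector would also bound the aggregation by a time window before forwarding to the log platform.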

Screenshots

Altprobe allows integrating the Wazuh host IDS (an OSSEC fork) and the Suricata network IDS with the Graylog log management platform. Below is a screenshot of Graylog dashboards for events that were transmitted from the IDS sensors via Altprobe.

Old version of Altprobe

The previous version of Altprobe (a single package with Ntop nProbe support) is available under the old_version branch.