Secureworks Releases Open Source IDS Tools

Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.

Dalton allows users to quickly and easily run network packet capture (pcap) files against IDS/IPS engines using bespoke rules and/or existing rulesets.

Common use cases for Dalton include testing ruleset coverage, developing and troubleshooting signatures, testing configuration changes, testing variable changes, testing specific IDS engine behavior, and creating custom packet captures.
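One of those use cases, testing ruleset coverage, comes down to comparing the rules you loaded against the alerts the engine actually produced for a test pcap. The following is an added example, not Dalton's or Secureworks' code: it parses `sid:` and `msg:` out of a Snort/Suricata-style rules file and counts alerts per `signature_id` in Suricata's eve.json output, then reports which enabled rules fired, which did not, and which alerts came from rules outside the set under test. The rules and eve.json records below are constructed samples (the `sid` values are placeholders, not real rules).

```python
"""Report ruleset coverage from a Suricata eve.json run over a test pcap.

Added example, not part of Dalton. Dalton runs the pcap through the engine;
this is the coverage check an analyst makes on the resulting eve.json.
All rules and log records here are constructed samples.
"""
import json
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"')

# Constructed sample ruleset; the third rule is disabled by a leading '#'.
SAMPLE_RULES = '''
alert http any any -> any any (msg:"TEST suspicious UA"; http.user_agent; content:"evil-scanner"; sid:9000001; rev:1;)
alert tcp any any -> any 4444 (msg:"TEST reverse shell port"; flow:to_server; flags:S; sid:9000002; rev:1;)
# alert dns any any -> any any (msg:"TEST disabled rule"; sid:9000003; rev:1;)
alert tls any any -> any any (msg:"TEST self-signed cert"; tls.subject; content:"CN=localhost"; sid:9000004; rev:1;)
'''

# Constructed eve.json lines: one flow record, two hits on 9000001 and one
# alert from a rule (8000001) that is not part of the set under test.
SAMPLE_EVE = [
    '{"timestamp":"2024-01-01T00:00:00.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.5"}',
    '{"timestamp":"2024-01-01T00:00:00.001000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5",'
    '"alert":{"signature_id":9000001,"rev":1,"signature":"TEST suspicious UA"}}',
    '{"timestamp":"2024-01-01T00:00:00.002000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5",'
    '"alert":{"signature_id":9000001,"rev":1,"signature":"TEST suspicious UA"}}',
    '{"timestamp":"2024-01-01T00:00:00.003000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.5",'
    '"alert":{"signature_id":8000001,"rev":1,"signature":"OTHER example rule"}}',
]


def expected_sids(rules_text: str) -> dict:
    """Map sid -> msg for every enabled (non-commented, non-blank) rule."""
    out = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = SID_RE.search(line)
        if sid:
            msg = MSG_RE.search(line)
            out[int(sid.group(1))] = msg.group(1) if msg else ""
    return out


def fired_sids(eve_lines) -> dict:
    """Count alert events per signature_id; non-alert events are ignored."""
    counts = {}
    for raw in eve_lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        if event.get("event_type") != "alert":
            continue
        sid = int(event["alert"]["signature_id"])
        counts[sid] = counts.get(sid, 0) + 1
    return counts


def coverage_report(rules_text: str, eve_lines) -> dict:
    """hit: sid -> alert count; missed: enabled sids with no alert;
    unexpected: sids that alerted but are not in the ruleset under test."""
    expected = expected_sids(rules_text)
    fired = fired_sids(eve_lines)
    return {
        "hit": {sid: fired[sid] for sid in expected if sid in fired},
        "missed": sorted(sid for sid in expected if sid not in fired),
        "unexpected": sorted(sid for sid in fired if sid not in expected),
    }


if __name__ == "__main__":
    report = coverage_report(SAMPLE_RULES, SAMPLE_EVE)
    names = expected_sids(SAMPLE_RULES)
    for sid in report["missed"]:
        print(f"MISSED  sid:{sid}  {names[sid]}")
    for sid, n in report["hit"].items():
        print(f"HIT x{n} sid:{sid}  {names[sid]}")
    print("unexpected:", report["unexpected"])
```

A rule in the "missed" list is the interesting case: either the pcap does not exercise what the rule describes, or the rule is wrong, and the next step is to adjust one of them and rerun. Note that a commented-out rule is deliberately excluded from the expected set, so it never shows up as missed.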

Dalton has two components. The controller provides a web interface and an API for retrieving job results and communicating with agents. The agents run on the IDS sensors and act as the interface between the controller and the IDS engine installed there.

The second tool released as open source by Secureworks is Flowsynth, which complements Dalton by making it easier for users to quickly model network traffic and generate custom pcaps.

“Flowsynth rapidly models network traffic and generates libpcap-formatted packet captures. It leverages the Scapy packet manipulation tool, but Flowsynth’s input is a text-based, structured intermediate language that is simple to create and understand. It allows for programmatic network flow definitions as well as ad hoc and custom network traffic creation,” Secureworks explained.

The Dalton controller's web interface integrates Flowsynth, so a pcap generated from a Flowsynth traffic definition can be submitted directly to Dalton for testing.
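What "modelling a flow and writing a libpcap-formatted capture" amounts to is shown by the following added example, which is not Flowsynth's or Secureworks' code. Flowsynth hands the packet construction to Scapy; this example instead builds the Ethernet/IPv4/TCP framing by hand with only the standard library, models a complete HTTP exchange (three-way handshake, request, response, FIN teardown) and writes it with a pcap global header and per-record headers. The addresses, ports, sequence numbers and payloads are constructed sample values.

```python
"""Model a TCP/HTTP flow and write it as a libpcap-format capture.

Added example, not Flowsynth's or Secureworks' code: it builds the
Ethernet/IPv4/TCP framing by hand (Flowsynth delegates this to Scapy) so
it needs only the standard library. Addresses, ports, sequence numbers
and payloads are constructed sample values.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
# Fixed dummy MACs (dst 00:00:00:00:00:01, src 00:00:00:00:00:02), EtherType IPv4.
ETH_HDR = bytes.fromhex("000000000001") + bytes.fromhex("000000000002") + b"\x08\x00"


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_frame(src, sport, dst, dport, seq, ack, flags, payload=b""):
    """Ethernet + IPv4 + TCP frame with correct IP and TCP checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = ip_bytes(src) + ip_bytes(dst) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, 6, 0, ip_bytes(src), ip_bytes(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ETH_HDR + ip + tcp + payload


def model_http_flow(client, cport, server, sport, request, response):
    """Handshake, request, response and FIN teardown: a ten-packet flow."""
    c, s, pkts = 1000, 5000, []          # arbitrary initial sequence numbers

    def c2s(flags, data=b""):            # client -> server
        pkts.append(build_frame(client, cport, server, sport, c, s, flags, data))

    def s2c(flags, data=b""):            # server -> client
        pkts.append(build_frame(server, sport, client, cport, s, c, flags, data))

    c2s(SYN);                  c += 1
    s2c(SYN | ACK);            s += 1
    c2s(ACK)
    c2s(PSH | ACK, request);   c += len(request)
    s2c(ACK)
    s2c(PSH | ACK, response);  s += len(response)
    c2s(ACK)
    c2s(FIN | ACK);            c += 1
    s2c(FIN | ACK);            s += 1
    c2s(ACK)
    return pkts


def to_pcap(frames, start_us=1_700_000_000_000_000, gap_us=1000) -> bytes:
    """24-byte global header, then a 16-byte record header before each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        sec, usec = divmod(start_us + i * gap_us, 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(f), len(f)) + f
    return out


def read_pcap(data: bytes):
    """Parse a capture written by to_pcap back into its frames."""
    assert struct.unpack("<I", data[:4])[0] == PCAP_MAGIC
    frames, off = [], 24
    while off < len(data):
        incl = struct.unpack("<IIII", data[off:off + 16])[2]
        frames.append(data[off + 16:off + 16 + incl])
        off += 16 + incl
    return frames


def tcp_flags(frame: bytes) -> int:
    return frame[14 + 20 + 13]           # Ethernet + IPv4 header, TCP flags byte


def checksums_valid(frame: bytes) -> bool:
    """An engine set to validate checksums will ignore frames that fail this."""
    ip = frame[14:34]
    seg = frame[34:14 + struct.unpack("!H", ip[2:4])[0]]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return checksum(ip) == 0 and checksum(pseudo + seg) == 0


if __name__ == "__main__":
    flow = model_http_flow("192.0.2.10", 40000, "198.51.100.5", 80,
                           b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: evil-scanner\r\n\r\n",
                           b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    with open("http_flow.pcap", "wb") as fh:
        fh.write(to_pcap(flow))
```

The handshake and the matching sequence/acknowledgement numbers are not decoration: Suricata and Snort track TCP state, so a rule with `flow:established` or an `http.*` buffer will not match a pcap that contains only a bare request packet. The `checksums_valid` check is there because engines can be configured to drop frames with bad checksums, which is a common reason a hand-made pcap produces no alerts at all.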

The documentation and examples provided by Secureworks are specifically made for Suricata and Snort, both of which are also open source.

The security firm says Dalton and Flowsynth are based on tools that its Counter Threat Unit research team has used internally for several years. “They have been so useful that Secureworks decided to make them available to the network IDS community,” the company said.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.