SecurityWeek

Secureworks Releases Open Source IDS Tools

Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.

Dalton allows users to quickly and easily run network packet capture (pcap) files against IDS/IPS engines using bespoke rules and/or existing rulesets.

Common use cases for Dalton include testing ruleset coverage, developing and troubleshooting signatures, testing configuration changes, testing variable changes, testing specific IDS engine behavior, and creating custom packet captures.

Dalton includes a controller component, which provides a web interface and an API for retrieving job results and communicating with agents. These agents, which represent the second component of the tool, run on IDS sensors and provide an interface between the controller and the IDS engine.

The second tool released as open source by Secureworks is Flowsynth, which complements Dalton by making it easier for users to quickly model network traffic and generate custom pcaps.

“Flowsynth rapidly models network traffic and generates libpcap-formatted packet captures. It leverages the Scapy packet manipulation tool, but Flowsynth’s input is a text-based, structured intermediate language that is simple to create and understand. It allows for programmatic network flow definitions as well as ad hoc and custom network traffic creation,” Secureworks explained.

The Dalton controller includes a web-based user interface that connects the tool to Flowsynth and allows the created pcaps to be easily sent to Dalton for testing.

The documentation and examples provided by Secureworks are specifically made for Suricata and Snort, both of which are also open source.

The security firm says Dalton and Flowsynth are based on tools that its Counter Threat Unit research team has used internally for several years. “They have been so useful that Secureworks decided to make them available to the network IDS community,” the company said.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
