Realeyes IDS


The Realeyes Intrusion Detection System is designed in modular parts. The components may all be installed on the same host or on individual hosts, or any reasonable combination. There may be multiple IDS hosts feeding a single database, and multiple analysts may log in to the system.

The Intrusion Detection System (IDS) component reads network data directly from a network monitoring point or from a file in 'pcap' format. It analyzes the data based on rules supplied in XML configuration files. When the analysis meets the defined criteria, a record is built that includes up to 32 kilobytes of the session data and the rules that were detected, and it is transferred to the Database Daemon (DBD), which stores it in the database.
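To make the pipeline above concrete, here is an added example (not Realeyes code, and not its actual rule format) that reads a classic pcap blob, reassembles TCP payload per session, matches rules loaded from an XML document, and builds a detection record capped at 32 KiB of session data. The XML schema (`<rule name=".." port=".." content=".."/>`), the sample rules and the embedded capture are all constructed for this illustration; only the pcap and Ethernet/IPv4/TCP layouts are real formats.

```python
"""Added example: pcap -> per-session TCP payload -> XML rule match -> capped record.
The <rule> schema and all sample data are hypothetical; this is not Realeyes code."""
import struct
import xml.etree.ElementTree as ET
from collections import defaultdict

MAX_RECORD_DATA = 32 * 1024   # cap on session data carried in one record (32 KiB)
PCAP_MAGIC = 0xA1B2C3D4        # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1


def parse_pcap(blob):
    """Yield (timestamp, frame_bytes) from a classic (non-pcapng) pcap blob."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack(endian + "HHiIII", blob[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled in this example")
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        frame = blob[off:off + incl_len]
        if len(frame) < incl_len:
            break                       # truncated capture: stop, do not emit a short frame
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def decode_tcp(frame):
    """Return ((src_ip, sport, dst_ip, dport), payload) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or ihl < 20 or total_len > len(ip):   # not TCP, bad IHL, or truncated
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return (src, sport, dst, dport), tcp[doff:]


def load_rules(xml_text):
    """Parse the hypothetical schema <rules><rule name= port= content=/></rules>."""
    return [{"name": r.get("name"), "port": int(r.get("port")), "content": r.get("content").encode()}
            for r in ET.fromstring(xml_text).findall("rule")]


def analyze(pcap_blob, rules):
    """Group TCP payload by 4-tuple, apply rules, emit records capped at MAX_RECORD_DATA."""
    sessions = defaultdict(bytearray)
    for _ts, frame in parse_pcap(pcap_blob):
        decoded = decode_tcp(frame)
        if decoded:
            key, payload = decoded
            sessions[key].extend(payload)
    records = []
    for (src, sport, dst, dport), data in sessions.items():
        hits = [r["name"] for r in rules if r["port"] == dport and r["content"] in data]
        if hits:
            records.append({"session": f"{src}:{sport}->{dst}:{dport}", "rules": hits,
                            "data": bytes(data[:MAX_RECORD_DATA]),
                            "truncated": len(data) > MAX_RECORD_DATA})
    return records


# --- constructed sample input (not a real capture) ---------------------------------
SAMPLE_RULES = """<rules>
  <rule name="http-etc-passwd" port="80" content="/etc/passwd"/>
  <rule name="smtp-vrfy" port="25" content="VRFY "/>
</rules>"""


def build_frame(src, sport, dst, dport, payload):
    """Build an Ethernet/IPv4/TCP frame (checksums left zero; fine for offline parsing)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return eth + ip


def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def sample_pcap():
    """One HTTP session carrying a traversal probe plus 40 KiB of padding, one clean session."""
    big = b"GET /../../etc/passwd HTTP/1.0\r\n" + b"A" * (40 * 1024)
    frames = [build_frame("10.0.0.5", 40000, "10.0.0.1", 80, big[i:i + 8192])
              for i in range(0, len(big), 8192)]
    frames.append(build_frame("10.0.0.6", 40001, "10.0.0.1", 80, b"GET /index.html HTTP/1.0\r\n"))
    return build_pcap(frames)


if __name__ == "__main__":
    for rec in analyze(sample_pcap(), load_rules(SAMPLE_RULES)):
        print(rec["session"], rec["rules"], len(rec["data"]), "truncated" if rec["truncated"] else "")
```

The record keeps only the first 32 KiB of the session, so the match context an analyst later sees in the GUI is whatever fell inside that window; a rule whose content appears only past the cap still fires (matching runs over the full reassembled payload) but its evidence may not be in the stored data.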

For a more detailed explanation of the IDS analysis processes, see the Realeyes analysis engine slideshow.

Analysts use the Graphical User Interface (GUI) to view the list of detected events and may display the headers and data to determine if the event was critical. The following slides describe the features of the GUI.
