
Yara powered NIDS with high speed packet capture powered by PF_RING

v0.1.2

3 years ago

MOLE IDS - CHANGELOG

v0.1.2 - 2020-08-17

Chores

  • Added a make-release script
  • Improved CI/CD to generate binaries
  • Updated documentation (1c342d5)
  • Added changelog and automated its generation (a1f4897)

Features

  • Mole uses Yara 4.x (708fd1f)
  • Enabled libpcap as an alternative to PF_Ring (365477e)
  • Added interfaces command to Mole IDS
  • Defined %APPDATA% as a default config place for Windows

Fixes

  • Fixed incorrect check of Windows administrator privileges (e074163)

v0.1.1

3 years ago

This release is considered a Beta version.

Improvement

  • Possibility to use libpcap as an alternative to PF_Ring

Bugfix

  • Backtracking algorithm was not walking through all potential branches

Documentation

  • Updated accordingly

v0.1.0

3 years ago

This release is considered a Beta version.

Main features

  • Capture traffic using the PF_Ring driver
  • Filter traffic using BPF filters
  • Yara as the detection engine
  • Advanced Yara metadata syntax that allows defining the packet matching pattern
  • Application logger
  • Alert logger
  • Import Yara rules from a Yara index file or from a directory of Yara files