DILCA is a distributed logical correlation and reaction architecture featuring collection and correlation of IDMEF formatted log events (Intrusion Detection Message Exchange Format - RFC 4765) through a multi-step signature based system.
ILCE (IDMEF Logical Correlation Engine) is the core of the architecture, which parses logs on the fly and generates reaction events on previously created policies (builted into multi-step signature system).
Therefore these reaction events are sent to each DILCA Manager node, and forwarded to the right target Agent handled by that node (DILCA Agent/Plugin).
Every Agent/Plugin sends local IDMEF logs to the corresponding DILCA manager and receives reaction events from it.
IDXP (Intrusion Detection Exchance Protocol - RFC 4767) is the standard protocol used during IDMEF,Signatures and Reactions exchanges.
News about the Project: News Page
For further information: firstname.lastname@example.org