Nuhe is a rule-based software that matches rules against log activity, enabling efficient monitoring and management of data logs.
Nuhe was developed to provide a reliable intrusion protection system that can react to certain types of log activity. It can also be used as a simple "log filtering" system that detects events in logs and records them, but does not react to them.
Nuhe can also serve as a general rule-based monitoring system that runs system commands in phases based on time and event criteria, which opens up many areas of use. One example is a rule that detects multiple SSH connection attempts and drops the IP address the connections are coming from (e.g., with Linux iptables). This is handy because the user can configure the rule to ignore important IP addresses, so they are not blocked by the firewall, and can specify that events be identified only by IP address information. With that rule and action handler, users can paralyze brute-force attacks.
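The SSH rule described above, sketched as an added Python example; it is not Nuhe's code or rule syntax. The log format, the threshold of 3 failures in 60 seconds, the ignore list and the function name `plan_blocks` are assumptions, and the function only returns the iptables commands rather than running them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample sshd lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:03 sshd[812]: Failed password for invalid user admin from 198.51.100.20 port 51514 ssh2
2024-05-01T10:00:05 sshd[813]: Failed password for root from 203.0.113.7 port 40113 ssh2
2024-05-01T10:00:06 sshd[814]: Failed password for root from 198.51.100.20 port 51515 ssh2
2024-05-01T10:00:08 sshd[815]: Failed password for root from 198.51.100.20 port 51516 ssh2
2024-05-01T10:00:09 sshd[816]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:10 sshd[817]: Failed password for git from 192.0.2.44 port 33000 ssh2
2024-05-01T10:01:30 sshd[818]: Failed password for git from 192.0.2.44 port 33001 ssh2
2024-05-01T10:03:00 sshd[819]: Failed password for git from 192.0.2.44 port 33002 ssh2
2024-05-01T10:03:05 sshd[820]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
"""

FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def plan_blocks(log_text, threshold=3, window_s=60, ignore=("198.51.100.0/24",)):
    """Return firewall DROP commands (argv lists) for IPs reaching the threshold."""
    ignored = [ip_network(n) for n in ignore]
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    blocked, commands = set(), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:  # skip lines whose timestamp or address does not parse
            when, ip = datetime.fromisoformat(m.group(1)), ip_address(m.group(2))
        except ValueError:
            continue
        if ip in blocked or any(ip in net for net in ignored):
            continue  # already handled, or an "important" address that must stay reachable
        hits = recent[ip]  # events are keyed by IP only, not by user name or port
        hits.append(when)
        while (when - hits[0]).total_seconds() > window_s:
            hits.popleft()  # forget failures older than the window
        if len(hits) >= threshold:
            blocked.add(ip)
            tool = "ip6tables" if ip.version == 6 else "iptables"
            commands.append([tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"])
    return commands

if __name__ == "__main__":
    for cmd in plan_blocks(SAMPLE_LOG):
        print(" ".join(cmd))
```

With the sample input, only 203.0.113.7 is blocked: 198.51.100.20 is on the ignore list, and the failures from 192.0.2.44 are spread over more than 60 seconds.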
The release contains an email ruleset for IMAP4 and POP3 servers, and fixes the ftpd ruleset. It also includes bug fixes for the node manager and sensor, and other improvements. Overall, Nuhe is an excellent software product that packs a powerful punch in terms of functionality and flexibility.
Version 0.06: N/A