IDPS-ESCAPE (v0.2) – ADBox in Wazuh out on 24 Jan. 2025

We have released version 0.2 of IDPS-ESCAPE on GitHub.

Full integration into Wazuh

Our initial (Alpha) release of IDPS-ESCAPE on 1 September 2024 introduced ADBox, our dedicated anomaly-based intrusion detection solution built on state-of-the-art advances in artificial intelligence. The new release on GitHub, in addition to patches and improvements, integrates ADBox fully into Wazuh, the well-known open-source SIEM. You can catch a glimpse of the integration in this short walkthrough.

Under the hood

This release also brings plenty of behind-the-scenes enhancements and architectural improvements, including:
– an anomaly detection engine;
– a data shipping module that updates Wazuh indices with ADBox detection outcomes;
– an extensive unit test suite;
– a detailed user manual;
– a fully revised technical specification providing end-to-end traceability across specifications, software and architectural design, and test artifacts.
Consult the change log to learn more about the updates introduced since our v0.1.1 release on 1 Sep. 2024.

Roadmap

We will be working towards our beta release, planned for early 2026. Currently planned items include:
– tailoring the underlying ADBox algorithms to specific SOC operations;
– adding new automated mechanisms aimed at preventive measures (i.e., the “P” in IDPS), directly integrated into Wazuh, towards the SOAR goal of IDPS-ESCAPE;
– stabilizing the current implementation and improving its resilience and fault tolerance, especially when dealing with missing and ill-formed raw data;
– adding new reusable anomaly detection use case scenarios beyond the ones geared towards resource usage monitoring.
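The release notes above mention a data shipping module that writes ADBox detection outcomes into Wazuh indices, and the roadmap calls for tolerating missing and ill-formed raw data. As an added illustration of what such a shipper has to get right (example code written for this page, not code from the IDPS-ESCAPE or ADBox project), the Python below validates detector outcomes one record at a time, reports the ill-formed ones instead of aborting the batch, and serialises the accepted ones as an OpenSearch-style `_bulk` payload, which is the API the Wazuh indexer exposes. The outcome field names, the document layout, the index name `adbox-anomalies-2025.01.24` and the sample records are all assumptions constructed here.

```python
"""Hypothetical ADBox-to-Wazuh shipper (example code, not from IDPS-ESCAPE).

Validates anomaly detection outcomes one by one, rejects missing or
ill-formed records without aborting the batch, and serialises the accepted
ones as an OpenSearch-style _bulk payload for the Wazuh indexer.
Field names, document layout and index name are assumptions.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample outcomes, as a detector might emit them. Records 3-5 are
# deliberately ill-formed: bad timestamp, non-numeric score, missing fields.
SAMPLE_OUTCOMES = [
    {"agent_id": "001", "timestamp": "2025-01-24T10:00:00Z",
     "metric": "cpu_usage", "score": 0.97, "anomaly": True},
    {"agent_id": "001", "timestamp": "2025-01-24T10:01:00Z",
     "metric": "cpu_usage", "score": 0.12, "anomaly": False},
    {"agent_id": "002", "timestamp": "not-a-date",
     "metric": "mem_usage", "score": 0.91, "anomaly": True},
    {"agent_id": "002", "timestamp": "2025-01-24T10:02:00Z",
     "metric": "mem_usage", "score": "high", "anomaly": True},
    {"agent_id": "003", "metric": "disk_usage", "anomaly": True},
]

REQUIRED_FIELDS = ("agent_id", "timestamp", "metric", "score", "anomaly")


class MalformedOutcome(ValueError):
    """Raised for a single record that cannot be shipped safely."""


def normalize(raw) -> dict:
    """Validate one raw outcome and map it to the (assumed) index document layout."""
    if not isinstance(raw, dict):
        raise MalformedOutcome("record is not an object")
    missing = [k for k in REQUIRED_FIELDS if k not in raw]
    if missing:
        raise MalformedOutcome(f"missing fields: {missing}")
    try:
        # Accept RFC 3339 'Z'; fromisoformat only learnt 'Z' in Python 3.11.
        ts = datetime.fromisoformat(str(raw["timestamp"]).replace("Z", "+00:00"))
    except ValueError as exc:
        raise MalformedOutcome(f"bad timestamp: {raw['timestamp']!r}") from exc
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # treat naive times as UTC
    score = raw["score"]
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)) \
            or not 0.0 <= score <= 1.0:
        raise MalformedOutcome(f"score not a number in [0, 1]: {score!r}")
    return {
        "@timestamp": ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "agent": {"id": str(raw["agent_id"])},
        "adbox": {
            "metric": str(raw["metric"]),
            "score": float(score),
            "anomaly": bool(raw["anomaly"]),
        },
    }


def doc_id(doc: dict) -> str:
    """Deterministic _id so re-shipping a batch after a failed POST does not duplicate documents."""
    key = f'{doc["agent"]["id"]}|{doc["@timestamp"]}|{doc["adbox"]["metric"]}'
    return hashlib.sha256(key.encode()).hexdigest()[:32]


def build_bulk(outcomes, index: str):
    """Return (ndjson payload, accepted docs, rejected [(position, reason), ...]).

    Rejects are reported, not silently dropped, and never abort the batch.
    """
    lines, accepted, rejected = [], [], []
    for pos, raw in enumerate(outcomes):
        try:
            doc = normalize(raw)
        except MalformedOutcome as exc:
            rejected.append((pos, str(exc)))
            continue
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id(doc)}}))
        lines.append(json.dumps(doc))
        accepted.append(doc)
    # The _bulk API requires a trailing newline after the last line.
    payload = "\n".join(lines) + "\n" if lines else ""
    return payload, accepted, rejected


if __name__ == "__main__":
    payload, ok, bad = build_bulk(SAMPLE_OUTCOMES, "adbox-anomalies-2025.01.24")
    print(payload)
    print(f"accepted={len(ok)} rejected={bad}")
```

On the constructed sample, two records are accepted and three are rejected with a reason each. In a deployment the payload would be POSTed to the indexer's `_bulk` endpoint with `Content-Type: application/x-ndjson`, over TLS, using an indexer user whose write permission is limited to the target index; the deterministic `_id` makes a retry after a network failure idempotent rather than a source of duplicate anomalies.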
