fido's Introduction

Please note: FIDO is deprecated at Netflix and this repository is no longer maintained.

Fully Integrated Defense Operation (FIDO)

FIDO is an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware. FIDO's primary purpose is to handle the heavy manual effort needed to evaluate threats coming from today's security stack and the large number of alerts it generates. As an orchestration platform, FIDO can make your existing security tools more efficient and accurate by heavily reducing the manual effort needed to detect, notify and respond to attacks against a network.

Full Documentation

See the FIDO Wiki for full documentation, operational details and other information.

Bugs and Feedback

For bugs, questions and discussion please use GitHub issues.

(Netflix's FIDO - Fully Integrated Defense Operation - is not a part of or service of the FIDO Alliance)

fido's People

Contributors

andrewmwhite, ghuntley, rmeshenberg


fido's Issues

Why was the software history not kept?

Hi there,

I'm a researcher studying software evolution. As part of my current research, I'm studying the implications of open-sourcing proprietary software, for instance, whether the project succeeds in attracting newcomers. Fido was on my list. However, I observed that the software history from when the software was developed as proprietary software was not kept after the transition to GitHub.

Knowing that software history is indispensable for developers (e.g., developers need to refer to history several times a day), I would like to ask Fido developers the following four brief questions:

  1. Why did you decide not to keep the software history?
  2. Did the core developers face any kind of problems when trying to refer to the old history? If so, how did they solve these problems?
  3. Did the newcomers face any kind of problems when trying to refer to the old history? If so, how did they solve these problems?
  4. How did the lack of history impact software evolution? Did it place any burden on understanding and evolving the software?

Thanks in advance for your collaboration,

Gustavo Pinto, PhD
http://www.gustavopinto.org

Question: Bro/Snort Integration Status?

Hello Developers,

I am a graduate student at SJSU, and for our senior project my team and I were thinking of contributing to the FIDO open source project. I had a question which I hope the developers do not mind addressing. I noticed in the wiki that Bro/Snort were listed in the "in progress/planned" category. Before we begin our work, have you guys already begun working on integrating these detectors? I would greatly appreciate a response back.

Thank You,
Prabhdeep Singh

Database document inconsistency

If you're trying to roll your own database while waiting for the initialization script, note that the configs_detectors table document shows 13 columns but the code is expecting 18 in this order:

DetectorType, Detector, Vendor, Server, Folder, FolderTest, File, EmailFrom, Lastevent, UserID, Pwd, Acek, DB, ConnString, Query, Query2, Query3, APIKey

Sorry, but I am disappointed to see this level of coding at Netflix.

In the "Fido/Director/Director_Helper/The_Director_HostDetection.cs" source, the line "if ((sHostname == null) && (sHostname == String.Empty))" in the "HostDetection" method is buggy; the case can never succeed.

Find someone to review this project's code. There are many bugs.

Stop using email as the error logger and find a clever way. Also stop using "Console" as the main trace environment.
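
The guard quoted in the issue above, shown next to a working form. This is an added example, not FIDO's code or the poster's: only the quoted condition and the parameter name `sHostname` come from the page, while `GuardDemo`, `BuggyGuardRejects`, `FixedGuardRejects` and the sample hostnames are hypothetical.

```csharp
using System;

// Added illustration. GuardDemo and both method names are hypothetical;
// only the first condition and the name sHostname are taken from the issue.
public static class GuardDemo
{
    // Condition exactly as quoted in the issue. A reference cannot be null
    // and equal to String.Empty at the same time, so this never returns true
    // and a missing hostname is never caught by the guard.
    public static bool BuggyGuardRejects(string sHostname)
    {
        return (sHostname == null) && (sHostname == String.Empty);
    }

    // Likely intent: reject the hostname when it is null OR empty.
    // String.IsNullOrEmpty is the idiomatic equivalent of the || form.
    public static bool FixedGuardRejects(string sHostname)
    {
        return String.IsNullOrEmpty(sHostname);
    }

    public static void Main()
    {
        // Constructed sample inputs: missing, empty and a normal hostname.
        string[] samples = { null, "", "ws-0142" };

        foreach (string s in samples)
        {
            string shown = (s == null) ? "<null>" : "\"" + s + "\"";
            Console.WriteLine("{0,-10} buggy rejects: {1,-5} fixed rejects: {2}",
                shown, BuggyGuardRejects(s), FixedGuardRejects(s));
        }
    }
}
```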

Suricata Support

Is there any intent to provide Suricata support in addition to Snort?

Is FIDO dead?

Since there are so few comments, and the wiki is in terrible shape, is FIDO dead?

Is this really working?

I tried to run this.

  1. Windows: there is no installation file.
  2. Linux: Even after changing the permissions using chmod +x, it says permission denied for all .cs files.

Please help ASAP.

Thanks and Regards

FIDO windows installation

I am sorry to ask this dumb question - in the Windows installation instructions, it said:
"...Simply double-click the install file and follow the on-screen prompts..."

My question is: where/what is this "install file", assuming I just git clone "Netflix/Fido"...
All I can find is C# source code.

Database

Is there a database creation script somewhere? I could only find the table descriptions in the wiki.

Ubuntu Install Docs

Is there an ETA when the Ubuntu install docs will be put in the wiki?

FIDO looks very interesting; I can't wait to try it out!

FIDO vs. IDO

"Fully" seems superfluous here; also, as mentioned in the blog post, there is big confusion with the FIDO Alliance. Integrated Defense Operations (IDO) or Unified Defense Operations (UDO) would be a better option.

Just a suggestion.

Security issue with AES_Crypto.cs and licensing issues

I'm not sure in what context the class is used, but the method of encryption in Fido/Fido_Support/Crypto/AES_Crypto.cs is insecure, as outlined by this StackOverflow question.

Also, there is no recognition of the original author of the class, which I believe is copied almost verbatim from this StackOverflow answer. The original author should get recognition, even if it is a bugged implementation. Copying it directly and adding your own copyright notice on it is in direct violation of its license, Creative Commons, under which all StackOverflow content is licensed.

Re-purpose FIDO to create a patch intelligence system

How configurable is FIDO?

Could I re-purpose it to ingest feeds of sw versions installed on Unix, Windows, network, databases and cross-correlate against vulnerability and patch availability feeds? Ultimately generate alerts when patching SLAs are breached.

Is the development of Fido ongoing?

I see that nothing has changed in the repository for a long while. Only the README.md file changes. Does the development take place somewhere else?
