Coral 1.0.2

More updates for an awesome yet simple PHP intrusion detection platform

Published on July 18, 2017

Coral Application Icon

Coral Update

Coral will soon be upgraded to 1.0.2! This update brings a list of improvements and GUI / UX optimizations. The parsers have all received new definitions and pattern threat-levels have been tweaked. Monitors have received new options. As an example, you now have the ability to change when an email is sent to you based on the threat factor of the most recent scan. If you are running a comprehensive Coral scan hourly (and I hope you are), you won't have to be inundated with useless notifications that don't provide any usable evidence of tampering, unless of course you like those emails!

The upcoming version fixes a priority-one issue that affects monitoring your public_html folder. Coral will now "truly" exclude ALL it's files and subdirectories from all scan operations. This makes monitoring your public web directory easier and more reliable without adding overhead. Although, I still recommend splitting up large sites into multiple monitors to help offset server loads and cron tasks. Ideally, a monitor should be created for high-risk areas of your site so you get meaningful information about possible threats through focused analysis.

Along with UI enhancements comes the ability to provide notes when updating or deleting files from the repository. This helps you keep track of events and I plan on further extracting this functionality elsewhere to help you keep a better handle on what is happening on your site at a glance. I also have plans to optimize the way warnings and threats are resolved. As of now, you have to add each one independently, which can be tedious if you just uploaded a lot of new files to your site. I am still forming what form this will take, but it isn't too far ahead.

Coral version 1.0.2 will be uploaded to the CodeCanyon marketplace this weekend for review. You should be able to download it by the 25th of July.