[Snort-devel] Analysis Console for Intrusion Databases - initial release (fwd)
roman at ...49...
Mon Sep 11 17:57:08 EDT 2000
ACID, Analysis Console for Incident Databases, is a PHP analysis engine to
search and process a database of alerts generated by IDSes, among them
Snort (and the database plug-in). A current list of features includes:
- Search interface for finding alerts matching practically any criteria.
This includes arrival time, signature time, source/dest address/port,
flags, payload, etc. Furthermore, these queries can be made
arbitrarily complex to satisfy almost any parameters.
- % of traffic for each protocol
- Alerts: # of src/dst IP, last/first arrival time
- Graph # of arrived alerts over a period of time
- last x-number of alerts by protocol
- All features are provided in real-time
This application was developed at the CERT Coordination Center as a part
of the AIRCERT project. See http://www.cert.org/kb/acid for the most up to
date information and documentation about this application.
Please send bug-reports and wish-lists.
<roman at ...49...>
<rdd at ...50...>