[Snort-users] ACID v0.9.5b6 - news

Roman Danyliw roman at ...438...
Mon Oct 30 11:42:02 EST 2000


Greetings all,

There have been a significant number of new features added to ACID as of
v0.9.5b6, and although some of the functionality is still beta
(e.g. deleting), I urge users to upgrade from 0.9.4.

Currently, this latest version can only be downloaded from the mirror:

http://www.andrew.cmu.edu/~rdanyliw/snort/

In addition to the new code, some documentation has also been added
covering the use of the new features.

The added features (since 0.9.4) include the following:

  - added alert groups (AG)
  - aggregate stats based on sensor (Stuart Stock <stuart at ...726...>)
  - added alert purging
  - added stats for single IP address (# of alerts, sensors) and whois 
    lookups (Jeff Seeley <jeff_seely at ...726...>)
  - added ability to list unique IP addresses on a particular query
  - added sensor name as a search criterion
  - added AG name as a search criterion
  - added snapshot: today's alerts
  - automated ACID's table and index creation
  - added sort criteria for the search results (timestamp, signature)

  - fixed bug in alert arrival time graph when # of alerts was less than
    1%
  - generalized the IP proto decode 
  - fixed bug in criteria description when printing 'Last X' alerts
  - updated DB check version code to be aware of new AG tables
  - main and last-X alerts page refresh 
  - signatures hyperlink to CVE or whitehats (Paul Harrington
    <paul at ...13...>)
  - fixed bug in flags search criteria where PSH and RST were transposed
    (reported: Jed Pickel <jed at ...153...>)
  - fixed bug associated with using '_'-character in style sheet classes
    which caused them not to be valid under certain configurations.
    (solution reported by: Jed Pickel <jed at ...153...>)
  - improved human-readable criteria description for queries (added
    output when TCP flags are criteria, removed extraneous blank lines)

Any bug reports, feedback, or suggestions are appreciated.

cheers,
Roman



