[Snort-users] Analysis Console for Incident Databases - initial release

Roman Danyliw roman at ...438...
Mon Sep 11 17:43:50 EDT 2000


Greetings!

ACID, Analysis Console for Incident Databases, is a PHP analysis engine to 
search and process a database of alerts generated by IDSes, among them
Snort (and the database plug-in).  A current list of features includes:

 - Search interface for finding alerts matching practically any criteria.
   This includes arrival time, signature time, source/dest address/port,
   flags, payload, etc.  Furthermore, these queries can be made
   arbitrarily complex to satisfy almost any parameters.

 - Statistics:
     - % of traffic for each protocol
     - Alerts: # of src/dst IP, last/first arrival time
     - Graph # of arrived alerts over a period of time
     - last x-number of alerts by protocol

 - All features are provided in real-time 

This application was developed at the CERT Coordination Center as a part 
of the AIRCERT project. See http://www.cert.org/kb/acid for the most up-to-
date information and documentation about this application.

Download: http://www.cert.org/kb/acid/acid.0.9.2.tar.gz
Mirror: http://www.andrew.cmu.edu/~rdanyliw/snort/

Please send bug-reports and wish-lists.

Roman Danyliw
<roman at ...438...>
<rdd at ...241...>
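The post describes two things a console like ACID does over a Snort alert database: an arbitrarily combinable search over alert fields, and summary statistics (per-protocol share, distinct source/destination counts, first/last arrival, alerts per time bucket, last N alerts by protocol). The following is an added example, not code from Roman's post or from ACID itself: it builds an in-memory SQLite database with a simplified, assumed table layout (event / signature / iphdr / layer4, joined through an `alert` view; the real Snort database plug-in schema differs in names and columns), loads a handful of constructed sample alerts, and computes those statistics and searches with parameterised SQL, which is the habit a web-facing console should have when search criteria come from a browser form.

```python
import sqlite3

# Protocol numbers used in the sample; anything else is reported by number.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Simplified stand-in for the Snort database plug-in layout (assumed, not the real schema).
SCHEMA = """
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT, PRIMARY KEY (sid, cid));
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
CREATE TABLE iphdr     (sid INTEGER, cid INTEGER, ip_src TEXT, ip_dst TEXT, ip_proto INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE layer4    (sid INTEGER, cid INTEGER, sport INTEGER, dport INTEGER, PRIMARY KEY (sid, cid));
"""

# Constructed sample alerts, not captured data:
# (sid, cid, signature name, timestamp, src, dst, ip_proto, sport, dport)
SAMPLE_ALERTS = [
    (1, 1, "ICMP PING NMAP",       "2000-09-11 17:01:05", "10.0.0.5", "192.168.1.10", 1, None,  None),
    (1, 2, "SCAN nmap TCP",        "2000-09-11 17:01:07", "10.0.0.5", "192.168.1.10", 6, 40321, 80),
    (1, 3, "SCAN nmap TCP",        "2000-09-11 17:01:08", "10.0.0.5", "192.168.1.11", 6, 40322, 80),
    (1, 4, "WEB-MISC /etc/passwd", "2000-09-11 17:42:30", "10.0.0.7", "192.168.1.10", 6, 51200, 80),
    (1, 5, "WEB-MISC /etc/passwd", "2000-09-11 18:02:11", "10.0.0.7", "192.168.1.10", 6, 51201, 80),
    (1, 6, "DNS zone transfer",    "2000-09-11 18:15:00", "10.0.0.9", "192.168.1.53", 6, 4000,  53),
    (1, 7, "MISC SNMP request",    "2000-09-11 18:20:45", "10.0.0.9", "192.168.1.10", 17, 3000, 161),
    (1, 8, "ICMP PING NMAP",       "2000-09-11 19:00:01", "10.0.0.5", "192.168.1.12", 1, None,  None),
]


def open_sample_db():
    """Create the in-memory database, load the sample alerts and define the joined view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    sig_ids = {}
    for sid, cid, sig_name, ts, src, dst, proto, sport, dport in SAMPLE_ALERTS:
        sig_id = sig_ids.setdefault(sig_name, len(sig_ids) + 1)
        conn.execute("INSERT OR IGNORE INTO signature VALUES (?, ?)", (sig_id, sig_name))
        conn.execute("INSERT INTO event VALUES (?, ?, ?, ?)", (sid, cid, sig_id, ts))
        conn.execute("INSERT INTO iphdr VALUES (?, ?, ?, ?, ?)", (sid, cid, src, dst, proto))
        if sport is not None:  # ICMP alerts carry no layer-4 ports
            conn.execute("INSERT INTO layer4 VALUES (?, ?, ?, ?)", (sid, cid, sport, dport))
    # One row per alert with all searchable fields; LEFT JOIN keeps port-less ICMP rows.
    conn.execute("""
        CREATE VIEW alert AS
        SELECT e.sid, e.cid, s.sig_name, e.timestamp,
               i.ip_src, i.ip_dst, i.ip_proto, l.sport, l.dport
        FROM event e
        JOIN signature s ON s.sig_id = e.signature
        JOIN iphdr i     ON i.sid = e.sid AND i.cid = e.cid
        LEFT JOIN layer4 l ON l.sid = e.sid AND l.cid = e.cid""")
    conn.commit()
    return conn


# Search fields the console accepts, mapped to their SQL fragment.  Only the
# whitelisted column names reach the query text; values always go in as
# bound parameters, so a form value can never alter the SQL.
SEARCH_FIELDS = {
    "sig_name": "sig_name = ?", "ip_src": "ip_src = ?", "ip_dst": "ip_dst = ?",
    "ip_proto": "ip_proto = ?", "sport": "sport = ?", "dport": "dport = ?",
    "since": "timestamp >= ?", "until": "timestamp <= ?",
}


def search(conn, **criteria):
    """Return cids of alerts matching every given criterion (AND-combined), oldest first."""
    clauses, params = [], []
    for field, value in criteria.items():
        if field not in SEARCH_FIELDS:
            raise ValueError(f"unsupported search field: {field}")
        clauses.append(SEARCH_FIELDS[field])
        params.append(value)
    sql = "SELECT cid FROM alert"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY timestamp, cid"
    return [row[0] for row in conn.execute(sql, params)]


def protocol_breakdown(conn):
    """Percentage of alerts per IP protocol, e.g. {'ICMP': 25.0, 'TCP': 62.5, 'UDP': 12.5}."""
    total = conn.execute("SELECT COUNT(*) FROM alert").fetchone()[0]
    rows = conn.execute("SELECT ip_proto, COUNT(*) FROM alert GROUP BY ip_proto")
    return {PROTO_NAMES.get(proto, str(proto)): round(100.0 * n / total, 1) for proto, n in rows}


def address_summary(conn):
    """(distinct source IPs, distinct destination IPs, first arrival, last arrival)."""
    return conn.execute(
        "SELECT COUNT(DISTINCT ip_src), COUNT(DISTINCT ip_dst), MIN(timestamp), MAX(timestamp) FROM alert"
    ).fetchone()


def alerts_per_hour(conn):
    """Alert counts bucketed by hour, the series a time graph would plot."""
    rows = conn.execute(
        "SELECT substr(timestamp, 1, 13) AS hour, COUNT(*) FROM alert GROUP BY hour ORDER BY hour")
    return list(rows)


def last_alerts_by_protocol(conn, ip_proto, n=3):
    """The n most recent alerts for one protocol as (cid, signature name, timestamp)."""
    rows = conn.execute(
        "SELECT cid, sig_name, timestamp FROM alert WHERE ip_proto = ? "
        "ORDER BY timestamp DESC, cid DESC LIMIT ?", (ip_proto, n))
    return list(rows)


if __name__ == "__main__":
    db = open_sample_db()
    print("protocols:", protocol_breakdown(db))
    print("addresses:", address_summary(db))
    print("per hour:", alerts_per_hour(db))
    print("nmap probes against port 80:", search(db, ip_src="10.0.0.5", dport=80))
    print("last TCP alerts:", last_alerts_by_protocol(db, 6, 2))
```

The whitelist-plus-parameters pattern in `search` is the part worth copying: the criteria the post lists (address, port, protocol, time window, signature) can be combined freely, but the user's input only ever travels as a bound value, never as query text.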