[Snort-users] Analysis Console for Incident Databases - initial release
roman at ...438...
Mon Sep 11 17:43:50 EDT 2000
ACID, Analysis Console for Incident Databases, is a PHP analysis engine to
search and process a database of alerts generated by IDSes, among them
Snort (and the database plug-in). A current list of features includes:
- Search interface for finding alerts matching practically any criteria.
This includes arrival time, signature time, source/dest address/port,
flags, payload, etc. Furthermore, these queries can be made
arbitrarily complex to satisfy almost any parameters.
- % of traffic for each protocol
- Alerts: # of src/dst IP, last/first arrival time
- Graph # of arrived alert over a period of time
- last x-number of alerts by protocol
- All features are provided in real-time
This application was developed at the CERT Coordination Center as a part
of the AIRCERT project. See http://www.cert.org/kb/acid for the most up to
date information and documentation about this application.
Please send bug-reports and wish-lists.
<roman at ...438...>
<rdd at ...241...>