[Snort-users] Analysis Console for Incident Databases - initial release

Martin Roesch roesch at ...421...
Mon Sep 11 18:44:10 EDT 2000


Woah, this sounds highly cool.  Got any screen shots?  I think I know what I'm
doing tonight.... :)

    -Marty

Roman Danyliw wrote:
> 
> Greetings!
> 
> ACID, Analysis Console for Incident Databases, is a PHP analysis engine to
> search and process a database of alerts generated by IDSes, among them
> Snort (and the database plug-in).  A current list of features includes:
> 
>  - Search interface for finding alerts matching practically any criteria.
>    This includes arrival time, signature time, source/dest address/port,
>    flags, payload, etc.  Furthermore, these queries can be made
>    arbitrarily complex to satisfy almost any parameters.
> 
>  - Statistics:
>      - % of traffic for each protocol
>      - Alerts: # of src/dst IP, last/first arrival time
>      - Graph # of arrived alert over a period of time
>      - last x-number of alerts by protocol
> 
>  - All features are provided in real-time
> 
> This application was developed at the CERT Coordination Center as a part
> of the AIRCERT project. See http://www.cert.org/kb/acid for the most up to
> date information and documentation about this application.
> 
> Download: http://www.cert.org/kb/acid/acid.0.9.2.tar.gz
> Mirror: http://www.andrew.cmu.edu/~rdanyliw/snort/
> 
> Please send bug-reports and wish-lists.
> 
> Roman Danyliw
> <roman at ...438...>
> <rdd at ...241...>

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
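The quoted announcement describes two things the console does over an alert database: ad-hoc searches on fields such as arrival time, signature and source/destination address/port, and summary statistics (protocol share, distinct source/destination counts, first/last arrival, the last N alerts of a protocol). The block below is an added example, not ACID's own PHP code and not the Snort database plug-in's real schema; it uses an assumed, simplified `alert` table in an in-memory SQLite database and a handful of constructed sample alerts to show how those queries are built. The search helper binds user-supplied values as parameters and checks field names against an allow-list, which is the point a reviewer of any such console would want to see.

```python
"""Alert-database statistics and search of the kind the ACID announcement
describes, run against a constructed in-memory table (example only)."""
import sqlite3

# Constructed sample alerts (not real data). The column layout is an assumed,
# simplified one: id, timestamp, signature, IP protocol number, src, sport, dst, dport.
SAMPLE_ALERTS = [
    (1, "2000-09-11 18:00:01", "SCAN nmap TCP",      6,  "10.0.0.5", 40123, "192.168.1.10", 22),
    (2, "2000-09-11 18:00:05", "SCAN nmap TCP",      6,  "10.0.0.5", 40124, "192.168.1.11", 22),
    (3, "2000-09-11 18:01:30", "ICMP PING",          1,  "10.0.0.7", None,  "192.168.1.10", None),
    (4, "2000-09-11 18:02:10", "DNS zone transfer",  17, "10.0.0.9", 53000, "192.168.1.53", 53),
    (5, "2000-09-11 18:03:44", "WEB-CGI phf access", 6,  "10.0.0.5", 40200, "192.168.1.80", 80),
    (6, "2000-09-11 18:04:00", "ICMP PING",          1,  "10.0.0.8", None,  "192.168.1.11", None),
]
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Only these column names may appear in a search; anything else is rejected.
ALLOWED_FIELDS = {"sig", "ip_proto", "src", "sport", "dst", "dport"}


def load_alerts(rows=SAMPLE_ALERTS):
    """Create the assumed alert table in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE alert (
        id INTEGER PRIMARY KEY, ts TEXT, sig TEXT, ip_proto INTEGER,
        src TEXT, sport INTEGER, dst TEXT, dport INTEGER)""")
    conn.executemany("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn


def protocol_share(conn):
    """Percent of alerts per IP protocol, keyed by protocol name."""
    total = conn.execute("SELECT COUNT(*) FROM alert").fetchone()[0]
    share = {}
    for proto, n in conn.execute("SELECT ip_proto, COUNT(*) FROM alert GROUP BY ip_proto"):
        share[PROTO_NAMES.get(proto, str(proto))] = round(100.0 * n / total, 1)
    return share


def alert_summary(conn):
    """Total alerts, distinct src/dst addresses, and first/last arrival time."""
    row = conn.execute("""SELECT COUNT(*), COUNT(DISTINCT src), COUNT(DISTINCT dst),
                                 MIN(ts), MAX(ts) FROM alert""").fetchone()
    return {"alerts": row[0], "unique_src": row[1], "unique_dst": row[2],
            "first": row[3], "last": row[4]}


def last_alerts_by_protocol(conn, proto_name, limit=5):
    """The most recent `limit` alerts for one protocol, newest first."""
    proto = {name: num for num, name in PROTO_NAMES.items()}[proto_name]
    return conn.execute(
        "SELECT id, ts, sig FROM alert WHERE ip_proto = ? ORDER BY ts DESC LIMIT ?",
        (proto, limit)).fetchall()


def search_alerts(conn, criteria, since=None, until=None):
    """Return alert ids matching every field/value pair in `criteria`, optionally
    restricted to an arrival-time window. Field names come from an allow-list and
    values are bound as parameters, so user input never becomes SQL text."""
    clauses, params = [], []
    for field, value in criteria.items():
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unknown search field: {field}")
        clauses.append(f"{field} = ?")
        params.append(value)
    if since is not None:
        clauses.append("ts >= ?")
        params.append(since)
    if until is not None:
        clauses.append("ts <= ?")
        params.append(until)
    where = " AND ".join(clauses) if clauses else "1=1"
    rows = conn.execute(f"SELECT id FROM alert WHERE {where} ORDER BY id", params)
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = load_alerts()
    print("protocol share:", protocol_share(db))
    print("summary:", alert_summary(db))
    print("last TCP alerts:", last_alerts_by_protocol(db, "TCP", 3))
    print("ssh probes from 10.0.0.5:", search_alerts(db, {"src": "10.0.0.5", "dport": 22}))
```

Because values are bound rather than spliced into the query, a search value containing quote characters is matched literally and simply returns no rows; the only text that reaches the SQL string is a column name already vetted against `ALLOWED_FIELDS`.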