[Snort-users] Analysis Console for Incident Databases - initial release

Roman Danyliw roman at ...438...
Mon Sep 11 21:31:38 EDT 2000


Well since you asked ... I just made some quick (very crude) screen
captures located at the following link:

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_screencaps.html

I look forward to hearing suggestions, wishlists, and bugs!

Roman Danyliw
<roman at ...438...>

On Mon, 11 Sep 2000, Martin Roesch wrote:

> Woah, this sounds highly cool.  Got any screen shots?  I think I know what I'm
> doing tonight.... :)
>
>     -Marty
>
> Roman Danyliw wrote:
> >
> > Greetings!
> >
> > ACID, Analysis Console for Incident Databases, is a PHP analysis engine to
> > search and process a database of alerts generated by IDSes, among them
> > Snort (and the database plug-in).  A current list of features includes:
> >
> >  - Search interface for finding alerts matching practically any criteria.
> >    This includes arrival time, signature time, source/dest address/port,
> >    flags, payload, etc.  Furthermore, these queries can be made
> >    arbitrarily complex to satisfy almost any parameters.
> >
> >  - Statistics:
> >      - % of traffic for each protocol
> >      - Alerts: # of src/dst IP, last/first arrival time
> >      - Graph # of arrived alert over a period of time
> >      - last x-number of alerts by protocol
> >
> >  - All features are provided in real-time
> >
> > This application was developed at the CERT Coordination Center as a part
> > of the AIRCERT project. See http://www.cert.org/kb/acid for the most up to
> > date information and documentation about this application.
> >
> > Download: http://www.cert.org/kb/acid/acid.0.9.2.tar.gz
> > Mirror: http://www.andrew.cmu.edu/~rdanyliw/snort/
> > 
> > Please send bug-reports and wish-lists.
> >  
> > Roman Danyliw
> > <roman at ...438...>
> > <rdd at ...241...>
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
> --
> Martin Roesch
> roesch at ...421...
> http://www.snort.org




