[Snort-users] Event Correlation Screenshots
administration at ...13693...
Thu Feb 9 04:56:03 EST 2006
As mentioned earlier - here are the screenshots of the correlation
engine in a few real-time displays.
Full size view of the real-time correlation monitor
A close up of the time-based color coding and attack grouping using
the correlation monitor
Another close up, a few moments earlier/later showing time based
Another close up, different data
Another full page view
A nice comparison shot showing different source/destination being
* The correlation engine has been built into the core console.
* Clicking an event in any of the displays allows you to view the
event in full, and then click another link which then correlates data
from that event individually.
The demo which was used for these screenshots is a Snort-only demo.
Although the engine fully correlates Snort and syslog data, the demo
for public users is Snort-only. Sorry.
A full console with real-time data is online and available to test: