[Snort-users] Event Correlation Screenshots

Administration administration at ...13693...
Thu Feb 9 04:56:03 EST 2006


All;

As mentioned earlier - here are the screenshots of the correlation  
engine in a few real-time displays.

Full size view of the real-time correlation monitor
http://www.aanval.com/images/1.61/1.61-cor-1.png

A close-up of the time-based color coding and attack grouping using
the correlation monitor
http://www.aanval.com/images/1.61/1.61-cor-2.png

Another close-up, a few moments earlier/later, showing time-based
colors changing
http://www.aanval.com/images/1.61/1.61-cor-3.png

Another close-up, different data
http://www.aanval.com/images/1.61/1.61-cor-4.png

Another full page view
http://www.aanval.com/images/1.61/1.61-cor-5.png

A nice comparison shot showing different source/destination being  
grouped
http://www.aanval.com/images/1.61/1.61-cor-6.png

* The correlation engine has been built into the core console.
* Clicking an event in any of the displays allows you to view the  
event in full, and then click another link which then correlates data  
from that event individually.

The demo which was used for these screenshots is a Snort-only demo.
Although the engine fully correlates Snort and syslog data, the demo
for public users is Snort-only. - sorry

--

A full console with real-time data is online and available to test:
http://www.aanval.com/demo/

--
Aanval.com
888.569.2186

http://www.aanval.com/



