Package: wnpp Severity: wishlist Description:
ACID is a PHP-based analysis engine to search and process a database
of security incidents generated by the security-related software such
as the NIDS Snort. The features currently include:
- Search interface for finding alerts matching practically any
criteria. This includes arrival time, sensor, signature time,
source/destination address/port, flags, payload, etc. These
queries can be made arbitrarily complex to satisfy almost any
parameters.
- Alert Groups: allow for a logical grouping of alerts on which
analysis can be done. It a quick way to combine multiple searches
or to associate a comment with an alert or group of alerts
- Alert purging: allows for the deletion of alerts from the database.
This functionality is ideal for removing known false-positives.
- Statistics:
- Snapshot statistics to assess current network state
- Aggregate statistics on a per sensor, IP, or alert basis
- Graphing alert arrival over time
- All features are provided in real-time
Author, Links, etc:
by Roman Danyliw <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
This plugin was developed at the CERT Coordination Center as a part
of the AIRCERT project.
See http://www.cert.org/kb/acid for the most up to date
information and documentation about this application.
Mirrored:
http://acidlab.sourceforge.net
http://www.andrew.cmu.edu/~rdanyliw/snort/
(usually contains the latest beta code)
-------------------------------------------------------------------------------
** Copyright (C) 2000 Carnegie Mellon University
**
** Author: Roman Danyliw <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-------------------------------------------------------------------------------
--
Chad Walstrom <[EMAIL PROTECTED]> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
pgp0JXI1Hmqbp.pgp
Description: PGP signature
