Bug#98025: RFP: acidlab -- Analysis Console for Intrusion Databases
Package: wnpp
Severity: wishlist
See http://acidlab.sourceforge.net/. A short description:
The Analysis Console for Intrusion Databases (ACID) is a PHP-based
analysis engine to search and process a database of incidents generated
by security-related software such as IDSes and firewalls (e.g. Snort,
ipchains).
* Search interface for finding alerts matching practically any criteria.
This includes arrival time, signature time, source/dest address/port,
flags, payload, etc. Furthermore, these queries can be made
arbitrarily complex to satisfy almost any parameters.
* Alert Groups allow for a logical grouping of alerts on which analysis can be
done. It is a quick way to combine multiple searches or to associate a comment
with an alert or group of alerts.
* Alert purging to remove false positives
* Statistics:
* Snapshot statistics to assess current network state
* Aggregate statistics on a per sensor, IP, or alert basis
* Graphing alert arrival over time
* All analysis is done in real-time
Wichert.
--
_________________________________________________________________
/ Nothing is fool-proof to a sufficiently talented fool \
| wichert@cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |