Bug#108787: ITP: acidlab
Package: wnpp
Severity: wishlist
Note: I'm taking over this ITP from <chewie@wookimus.net>.
ACID is a PHP-based analysis engine to search and process a database
of security incidents generated by security-related software such
as the NIDS Snort. The features currently include:
- Search interface for finding alerts matching practically any
criteria. This includes arrival time, sensor, signature time,
source/destination address/port, flags, payload, etc. These
queries can be made arbitrarily complex to satisfy almost any
parameters.
- Alert Groups: allow for a logical grouping of alerts on which
analysis can be done. It is a quick way to combine multiple searches
or to associate a comment with an alert or group of alerts.
- Alert purging: allows for the deletion of alerts from the database.
This functionality is ideal for removing known false-positives.
- Statistics:
  - Snapshot statistics to assess current network state
  - Aggregate statistics on a per sensor, IP, or alert basis
  - Graphing alert arrival over time
- All features are provided in real-time
Author, Links, etc: by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
This plugin was developed at the CERT Coordination Center as a part
of the AIRCERT project.
See http://www.cert.org/kb/acid for the most up-to-date information and
documentation about this application.
Mirrored:
http://acidlab.sourceforge.net
http://www.andrew.cmu.edu/~rdanyliw/snort/
(usually contains the latest beta code)
-------------------------------------------------------------------------------
** Copyright (C) 2000 Carnegie Mellon University
**
** Author: Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-------------------------------------------------------------------------------
--
Linux Generation
encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
In any case, never let yourself be intimidated by a loudly barking lawyer.