
Bug#108787: ITP: acidlab



Package: wnpp
Severity: wishlist

Note: I'm taking over this ITP from <chewie@wookimus.net>.

ACID is a PHP-based analysis engine to search and process a database
    of security incidents generated by security-related software such
    as the NIDS Snort.  The features currently include:
     - Search interface for finding alerts matching practically any
       criteria.  This includes arrival time, sensor, signature time,
       source/destination address/port, flags, payload, etc.  These
       queries can be made arbitrarily complex to satisfy almost any
       parameters.
     - Alert Groups: allow for a logical grouping of alerts on which
       analysis can be done.  It is a quick way to combine multiple searches
       or to associate a comment with an alert or group of alerts.
     - Alert purging: allows for the deletion of alerts from the database.
       This functionality is ideal for removing known false-positives.
     - Statistics:
         - Snapshot statistics to assess current network state
         - Aggregate statistics on a per sensor, IP, or alert basis
         - Graphing alert arrival over time
     - All features are provided in real-time
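The search, purge and per-sensor statistics features listed above, as an added example that is not part of this ITP nor of ACID's own PHP code: a Python sketch over an in-memory SQLite table whose column layout and sample alert rows are constructed for this illustration (ACID's real schema is not shown here). It demonstrates the point such a search interface has to get right: user-supplied values are passed as bind parameters and column names are checked against an allow-list, so an "arbitrarily complex" query can never be turned into an injected one.

```python
import sqlite3

# Constructed sample data, not real ACID/Snort output. The table layout is an
# assumption for this example; ACID's own schema is not shown on the page.
SAMPLE_ALERTS = [
    (1, "sensor-dmz", "ICMP PING NMAP",         "2001-08-14 10:01:00", "10.0.0.5", "192.168.1.10",     0,   0),
    (2, "sensor-dmz", "WEB-MISC /etc/passwd",   "2001-08-14 10:05:00", "10.0.0.5", "192.168.1.20", 34567,  80),
    (3, "sensor-lan", "ICMP PING NMAP",         "2001-08-14 11:00:00", "10.0.0.7", "192.168.1.10",     0,   0),
    (4, "sensor-lan", "WEB-MISC /etc/passwd",   "2001-08-15 09:30:00", "10.0.0.9", "192.168.1.20", 40001,  80),
    (5, "sensor-dmz", "SNMP public access udp", "2001-08-15 12:00:00", "10.0.0.5", "192.168.1.30",  1025, 161),
]

# Only columns in this allow-list may be named by a search. The column name is
# spliced into the SQL text, so it must never come from the user unvalidated.
SEARCHABLE = {"sensor", "signature", "src_ip", "dst_ip", "src_port", "dst_port"}


def open_db():
    """Create an in-memory alert database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE alert ("
        " id INTEGER PRIMARY KEY, sensor TEXT, signature TEXT, ts TEXT,"
        " src_ip TEXT, dst_ip TEXT, src_port INTEGER, dst_port INTEGER)"
    )
    conn.executemany("INSERT INTO alert VALUES (?, ?, ?, ?, ?, ?, ?, ?)", SAMPLE_ALERTS)
    conn.commit()
    return conn


def build_where(criteria, since=None):
    """Turn {column: value} criteria (plus an optional lower time bound) into a
    parameterized WHERE clause. Values travel as bind parameters, so a value
    such as "x' OR '1'='1" is matched literally instead of altering the query."""
    clauses, params = [], []
    for column, value in criteria.items():
        if column not in SEARCHABLE:
            raise ValueError(f"unsupported search field: {column!r}")
        clauses.append(f"{column} = ?")
        params.append(value)
    if since is not None:
        clauses.append("ts >= ?")  # ISO-8601 timestamps compare correctly as text
        params.append(since)
    where = " AND ".join(clauses) if clauses else "1 = 1"
    return where, params


def search_alerts(conn, criteria, since=None):
    """Return the ids of alerts matching every criterion (the 'search' feature)."""
    where, params = build_where(criteria, since)
    rows = conn.execute(f"SELECT id FROM alert WHERE {where} ORDER BY id", params)
    return [row[0] for row in rows]


def purge_alerts(conn, criteria):
    """Delete matching alerts, e.g. a known false-positive signature; return the count."""
    if not criteria:
        raise ValueError("refusing to purge the whole table without criteria")
    where, params = build_where(criteria)
    cur = conn.execute(f"DELETE FROM alert WHERE {where}", params)
    conn.commit()
    return cur.rowcount


def per_sensor_counts(conn):
    """Aggregate statistics: number of alerts held per sensor."""
    rows = conn.execute("SELECT sensor, COUNT(*) FROM alert GROUP BY sensor ORDER BY sensor")
    return dict(rows)


if __name__ == "__main__":
    db = open_db()
    print("NMAP pings:", search_alerts(db, {"signature": "ICMP PING NMAP"}))
    print("per sensor:", per_sensor_counts(db))
    print("purged:", purge_alerts(db, {"signature": "ICMP PING NMAP"}))
    print("per sensor:", per_sensor_counts(db))
```

The allow-list on column names is the part that matters: bind parameters protect values, but a column name cannot be bound, so the only safe way to let a user choose "which field to search" is to map their choice onto a fixed set of known identifiers.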

Author, Links, etc: by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com> 
This plugin was developed at the CERT Coordination Center as a part
of the AIRCERT project. 
See http://www.cert.org/kb/acid for the most up-to-date information and
documentation about this application.
Mirrored:
http://acidlab.sourceforge.net
http://www.andrew.cmu.edu/~rdanyliw/snort/
(usually contains the latest beta code) 

-------------------------------------------------------------------------------
** Copyright (C) 2000 Carnegie Mellon University
**
** Author: Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-------------------------------------------------------------------------------

-- 
			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
  In any case, never let yourself be intimidated by a loudly barking lawyer.