dea7ae9957
This is acid v0.9.4, Analysis Console for Intrusion Databases (ACID) with Snort and MySQL. Before someone complains about it, I need to say portlint doesn't like this port so much. That's because the naming rule of DISTFILES (from the author) has a bad style. ACID needs snort 1.6.3 (maybe higher) and php3/mysql; we are waiting for upgrading the development version of snort to make this port happy. Submitted by: Yen-Ming Chen <yenming.chen@foundstone.com>
19 lines
709 B
Plaintext
ACID is a PHP-based analysis engine to search and process a database of
security incidents generated by the NIDS Snort. The features currently
include:

- Search interface for finding alerts matching practically any criteria.
  This includes arrival time, signature time, source/dest address/port,
  flags, payload, etc. Furthermore, these queries can be made arbitrarily
  complex to satisfy almost any parameters.

- Statistics:
  - % of traffic for each protocol
  - Alerts: # of src/dst IP, last/first arrival time
  - Graph # of arrived alerts over a period of time
  - last x-number of alerts by protocol

- All features are provided in real-time

WWW: http://www.cert.org/kb/acid/