
Package: acidlab (0.9.6b20-24)

Analysis Console for Intrusion Databases

The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include:

 o Query-builder and search interface for finding alerts matching on alert
   meta information (e.g. signature, detection time) as well as the
   underlying network evidence (e.g. source/destination address, ports,
   payload, or flags).

 o Packet viewer (decoder) that graphically displays the layer-3 and
   layer-4 packet information of logged alerts.

 o Alert management, providing constructs to logically group alerts to
   create incidents (alert groups), delete handled alerts or false
   positives, export to email for collaboration, or archive alerts to
   transfer them between alert databases.

 o Chart and statistic generation based on time, sensor, signature,
   protocol, IP address, TCP/UDP ports, or classification.

ACID has the ability to analyze a wide variety of events which are post-processed into its database. Tools exist for the following formats:

 o using Snort (www.snort.org)
    - Snort alerts
    - tcpdump binary logs

 o using logsnorter (www.snort.org/downloads/logsnorter-0.2.tar.gz)
    - Cisco PIX
    - ipchains
    - iptables
    - ipfw
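The following is an added example, not code from the acidlab package and not its database schema. It models, in a few dozen lines, the two things the description above covers: normalising Snort alerts and iptables firewall log lines into one event table, then running the kind of query-builder search (alert metadata plus network evidence) and per-column statistics that the console offers. The table layout, the sample log lines (constructed), the assumed year for timestamps that carry none, and all function names are assumptions made for illustration; ACID's real tables are created by Snort's database output plug-in and are not reproduced here.

```python
import re
import sqlite3
from datetime import datetime

ASSUMED_YEAR = 2024  # Snort "fast" alerts and syslog lines carry no year (assumption)

# Constructed sample input: Snort fast-alert lines and iptables kernel log lines.
SNORT_FAST_LINES = [
    "03/14-10:02:11.123456  [**] [1:1000001:1] TEST SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:54321 -> 198.51.100.5:80",
    "03/14-10:02:12.000001  [**] [1:1000002:1] TEST WEB-MISC /etc/passwd access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:54322 -> 198.51.100.5:80",
    "03/14-10:05:00.500000  [**] [1:1000003:1] TEST ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5",
]
IPTABLES_LINES = [
    "Mar 14 10:03:40 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=54400 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Mar 14 10:03:41 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=ICMP TYPE=8 CODE=0",
]

SNORT_FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+(?P<rest>.*)$"
)

def parse_snort_fast(line):
    """Snort fast alert -> event dict (alert metadata + network evidence)."""
    m = SNORT_FAST_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"].split(".")[0], "%m/%d-%H:%M:%S").replace(year=ASSUMED_YEAR)
    return {"sensor": "snort", "ts": ts.isoformat(sep=" "), "sig_name": m["msg"],
            "classification": m["cls"], "priority": int(m["pri"]), "proto": m["proto"],
            "src_ip": m["src"], "src_port": int(m["sport"]) if m["sport"] else None,
            "dst_ip": m["dst"], "dst_port": int(m["dport"]) if m["dport"] else None}

def parse_iptables(line):
    """iptables LOG line -> event dict; firewall logs carry no signature name."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    kv = dict(re.findall(r"(\w+)=(\S*)", m["rest"]))
    if not all(k in kv for k in ("SRC", "DST", "PROTO")):
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {"sensor": "iptables:" + m["host"], "ts": ts.isoformat(sep=" "),
            "sig_name": "iptables packet log", "classification": None, "priority": None,
            "proto": kv["PROTO"],
            "src_ip": kv["SRC"], "src_port": int(kv["SPT"]) if kv.get("SPT") else None,
            "dst_ip": kv["DST"], "dst_port": int(kv["DPT"]) if kv.get("DPT") else None}

# Simplified single-table schema (assumption; not ACID's layout).
SCHEMA = """CREATE TABLE event (
    id INTEGER PRIMARY KEY, sensor TEXT NOT NULL, ts TEXT NOT NULL,
    sig_name TEXT NOT NULL, classification TEXT, priority INTEGER,
    proto TEXT NOT NULL, src_ip TEXT NOT NULL, src_port INTEGER,
    dst_ip TEXT NOT NULL, dst_port INTEGER)"""
COLUMNS = ("sensor", "ts", "sig_name", "classification", "priority",
           "proto", "src_ip", "src_port", "dst_ip", "dst_port")

def build_database(snort_lines, iptables_lines):
    """Load both sources into one in-memory SQLite event table."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    events = [parse_snort_fast(l) for l in snort_lines] + [parse_iptables(l) for l in iptables_lines]
    for ev in events:
        if ev is None:
            continue  # unparseable line: skip it rather than abort the whole load
        conn.execute("INSERT INTO event (%s) VALUES (%s)" % (", ".join(COLUMNS), ", ".join("?" * len(COLUMNS))),
                     [ev[c] for c in COLUMNS])
    conn.commit()
    return conn

# Building WHERE clauses from user-supplied fields is exactly where a web console
# is exposed to SQL injection: column names are checked against an allow-list and
# every value is passed as a bound parameter, never interpolated into the SQL.
SEARCHABLE = {"sensor", "sig_name", "classification", "priority", "proto",
              "src_ip", "src_port", "dst_ip", "dst_port"}

def search(conn, since=None, until=None, **criteria):
    """Query-builder style search: equality on allow-listed columns plus a time window."""
    clauses, params = [], []
    for col, val in criteria.items():
        if col not in SEARCHABLE:
            raise ValueError("unknown search field: %r" % col)
        clauses.append("%s = ?" % col)
        params.append(val)
    if since:
        clauses.append("ts >= ?"); params.append(since)
    if until:
        clauses.append("ts <= ?"); params.append(until)
    sql = "SELECT * FROM event" + (" WHERE " + " AND ".join(clauses) if clauses else "") + " ORDER BY ts"
    return [dict(r) for r in conn.execute(sql, params)]

def stats(conn, column):
    """Event counts grouped by one allow-listed column (sensor, signature, protocol, ...)."""
    if column not in SEARCHABLE:
        raise ValueError("cannot group on %r" % column)
    return {r[0]: r[1] for r in conn.execute("SELECT %s, COUNT(*) FROM event GROUP BY %s" % (column, column))}

if __name__ == "__main__":
    db = build_database(SNORT_FAST_LINES, IPTABLES_LINES)
    for ev in search(db, src_ip="192.0.2.10", dst_port=80):
        print(ev["ts"], ev["sensor"], ev["sig_name"])
    print(stats(db, "proto"))
```

The allow-list in `search()` and `stats()` is the part worth carrying over to any real console: the column name cannot be bound as a parameter, so it must be validated against a fixed set, while the values always go through placeholders.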

Homepage: http://acidlab.sourceforge.net/

Tags: Implemented in: PHP, Networking: Server, Role: Program, Security: Intrusion Detection, Log Analyzer, World Wide Web: Application

Other Packages Related to acidlab

  • sug: libphp-phplot (>= 4.4.6-3)
    Package not available

Download acidlab

Download for all available architectures

Architecture  Package Size  Installed Size
all           679.0 kB      1532 kB