Security Incidents mailing list archives

SecurityFocus' ARIS (Attack Registry & Intelligence Service) Analyzer


From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Sun, 25 Mar 2001 16:35:16 -0700

SecurityFocus.com is proud to announce ARIS (Attack Registry and
Intelligence Service) Analyzer. The ARIS Analyzer is a free service
that allows you to submit attack data collected by intrusion detection
systems and helps you manage your security incidents. ARIS Analyzer
also allows you to correlate your attacks with those seen by other
people.

A lot of the ideas and reasoning behind ARIS came from this mailing list,
INCIDENTS. I hope we have created a free service that will meet some of
your incident handling needs.

In particular ARIS allows you to:

* Submit IDS data via the ARIS Extractor. An open source tool that takes
  your IDS data, cleans it up, and sends it securely to ARIS.
* Anonymize your data by stripping the destination IP address before
  submitting it to ARIS.
* Provide you with more information about an attack by cross-referencing
  the BUGTRAQ vulnerability database.
* Determine the organization responsible for the IP address source of
  an attack, as well as their ISP.
* Send an incident report to the organization responsible for the
  IP address source of an attack, as well as their ISP.
* Determine whether others are seeing attacks from the same sources you are.
* Generate a series of charts and reports with data derived from your
  attack logs in order to better understand hostile traffic directed
  at your network(s).

Currently we support the following IDS programs:
* Snort 1.6-1.7
* Network ICE BlackICE all versions
* Network ICE ICEpac 2.1 and later
* Cisco Secure IDS (formerly NetRanger)
* ISS Real Secure 3.1-5.5

The ARIS Extractor is an open source tool and we encourage people to
modify it to support additional IDS programs.

We could not have brought you this service without Alfred Huger, our
VP of Engineering. As the person in charge of this project he took it
from the concept stage to a fielded service in a minimum amount of time
while making judicious use of our resources. Kudos to him and the rest
of our engineering staff.

We are already working on improving the next revision of the service
in a number of ways. Your feedback is greatly appreciated.

To learn more or join please visit http://aris.securityfocus.com/

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

