Snort mailing list archives
Announcement: Visual Intrusion Analyzer (Beta Release)
From: "Eric Knight" <eric () swordsoft com>
Date: Thu, 9 Oct 2003 23:50:43 -0600
Dear IDS Professional Community:

SwordSoft has begun its 30-day Beta test round of its latest product release, the Visual Intrusion Analyzer. The beta test is fully open, no license keys or registration required. We're looking for comments, feedback, and especially to locate the major platform and usability bugs. The "Beta" release uses Snort (tm) logs but efforts are currently being made to include several other major IDS platforms. The system wasn't designed to be Snort specific.

What is the Visual Intrusion Analyzer?

The Visual Intrusion Analyzer is a dedicated attempt at creating a highly visual WYSIWYG-like "on-the-fly" interface console application for navigating IDS logs by creating four distinct displays that share common data space. VIA has been tested on Windows 2000 and Windows XP platforms and currently requires Microsoft Office and a somewhat modern version of the Microsoft Virtual Machine.

VIA's interface is designed to be instinctive for the user in how the alerts are visually represented as well as the navigation of details through the displays. The visual interface navigation should result in significantly reduced log analysis times. For example, double clicking on a server in the Network Diagram will cause only the information relevant to that server to appear in all four displays. The navigation is simple, intuitive, and has a browser feel.

More details and the download of the Visual Intrusion Analyzer Beta 1.0.0B release is on the main page at the SwordSoft web site: http://www.swordsoft.com/

Alternatively: http://63.230.73.253/ (our backup 'second' site.)

What are the displays included with Visual Intrusion Analyzer?

Tree View - arranges all currently relevant alerts by severity, origin, destination, protocol and time.

Histogram - a displayed bar or line chart representing the alerts by time over a variable time period and by color for alert severity.

Network Diagram - Icon based, drag and drop enabled system for visual representation of network attacks. The visual display consists of multiple visual enhancements, such as color coding of alerts, line thickness representing the quantity of alerts generated between hosts, and automatic grouping and icon arrangement to help sort out the "spider webs" of alerts.

List View - the traditional list display that allows quick display, sorting, and description of all alerts.

Standard features:

- Clipboard and Printer controls for diagrams and charts
- Domain Name lookup
- Manual (with lots of screen examples) included in distribution
- Example logs - unmodified data from the SwordSoft web site, Nessus scan, and bad traffic example
- Port/Protocol internal list
- 30-Day Evaluation Period

About SwordSoft

SwordSoft is a startup company devoted to computer security research and development. We see computer security as being vast, complicated, and largely unexplored. We are not a funded group and it's being built only on hard work and the materials we have on hand, so we appreciate all the support we can get from the community in all forms.

Special Requests

If anyone reading this is able to help us arrange for expanding this tool for other Intrusion Detection Systems, we'd -deeply- appreciate legal license or equipment (depending on if the tool is a software or appliance based IDS.) Internally speaking, VIA only needs to parse the logs in order to adapt to new IDS systems, it's about a 1-day process to create the conversion as long as we have some robust test data.

Thank you for your consideration,

Eric Knight
President, Programmer, and Polymorphic
eric () swordsoft com

P.S. Special thanks go to Adam Richard of SecureIT Informatique Inc. who has been lending support and feedback on VIA. Your ideas, support, and feedback were greatly appreciated!
Current thread:
- Announcement: Visual Intrusion Analyzer (Beta Release) Eric Knight (Oct 09)
- Re: Announcement: Visual Intrusion Analyzer (Beta Release) Scot Scot (Oct 10)
- RE: Announcement: Visual Intrusion Analyzer (Beta Release) LE (Oct 10)
- RE: Announcement: Visual Intrusion Analyzer (Beta Release) Michael Steele (Oct 10)
- RE: Announcement: Visual Intrusion Analyzer (Beta Release) dave kleiman (Oct 10)
- RE: Announcement: Visual Intrusion Analyzer (Beta Release) LE (Oct 10)
- Re: Announcement: Visual Intrusion Analyzer (Beta Release) Scot Scot (Oct 10)