<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/security/base/files, branch pkgsrc_2008Q2</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2006-01-03T21:09:44Z</updated>
<entry>
<title>The Basic Analysis and Security Engine (BASE) is a PHP-based analysis</title>
<updated>2006-01-03T21:09:44Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2006-01-03T21:09:44Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=f27ba9cc2ef72b07991e972883504b0074f3623e'/>
<id>urn:sha1:f27ba9cc2ef72b07991e972883504b0074f3623e</id>
<content type='text'>
engine to search and process a database of security events generated by
various IDSes, firewalls, and network monitoring tools.  The features currently
include:

o Query-builder and search interface for finding alerts matching
  on alert meta information (e.g. signature, detection time) as well as
  the underlying network evidence (e.g. source/destination address, ports,
  payload, or flags).

o Packet viewer (decoder) will graphically display the layer-3 and
  layer-4 packet information of logged alerts.

o Alert management by providing constructs to logically group alerts
  to create incidents (alert groups), deleting the handled alerts or
  false positives, exporting to email for collaboration, or archiving of
  alerts to transfer them between alert databases.

o Chart and statistic generation based on time, sensor, signature, protocol,
  IP address, TCP/UDP ports, or classification.
</content>
</entry>
</feed>
