SnortCon


1. What is SnortCon?

SnortCon is a web-based utility that provides a high-level overview of the threats that a network is facing. SnortCon requires that Snort is logging to a MySQL or Postgres database.

The interface updates at user-configurable intervals to show the following information: top/recent attacks, top/recent attackers, number of events over the past {5,15,30,60} minutes, and the current SnortCon. The SnortCon can take one of three values: HIGH, MEDIUM, or LOW. It is calculated based on the number of Snort events that have been generated during a pre-defined interval. Attack data is also displayed in graphical form for the last 60 minutes and the last 24 hours. Recent Attack Detail for the past 30 minutes is also available.

The tool is primarily intended to be high-level and is not meant to replace detailed analysis tools such as ACID. SnortCon can serve as the active desktop background (Windows) on an IDS console.

SnortCon was written using PHP4 and requires ADODB for database abstraction, Smarty for templating, and PHP sessions and GD support. It will work on any platform that has a web server that works with PHP. The database can be a remote one. SnortCon was inspired by SAM (Snort Alert Monitor), http://sourceforge.net/projects/snortalertmon.
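
The event-count calculation described above, sketched as an added example (it is not taken from SnortCon's PHP source). The thresholds, the 15-minute level window, the simplified table layout with SQLite standing in for MySQL/Postgres, and all function names are assumptions; the sample events are constructed.

```python
import sqlite3

WINDOWS_MIN = (5, 15, 30, 60)   # the windows listed on the page
LEVEL_WINDOW_MIN = 15           # assumed value for the "pre-defined interval"
HIGH_AT, MEDIUM_AT = 50, 10     # assumed thresholds; the page gives none

def build_sample_db(now):
    """Constructed events in a simplified event/iphdr layout (epoch seconds, text IPs)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE event (sid INT, cid INT, signature INT, timestamp INT);"
        "CREATE TABLE iphdr (sid INT, cid INT, ip_src TEXT);"
    )
    ages = ([("203.0.113.7", a) for a in range(10, 231, 20)]       # 12 events, < 5 min old
            + [("198.51.100.23", a) for a in range(600, 841, 60)]  # 5 events, 10-14 min old
            + [("192.0.2.99", a) for a in (2000, 2500, 3000)]      # 3 events, 33-50 min old
            + [("192.0.2.99", 5000)])                              # older than every window
    for cid, (src, age) in enumerate(ages, start=1):
        db.execute("INSERT INTO event VALUES (1, ?, 1, ?)", (cid, now - age))
        db.execute("INSERT INTO iphdr VALUES (1, ?, ?)", (cid, src))
    return db

def events_in_window(db, now, minutes):
    """Number of events newer than `minutes` ago."""
    row = db.execute("SELECT COUNT(*) FROM event WHERE timestamp > ?",
                     (now - minutes * 60,)).fetchone()
    return row[0]

def top_attackers(db, now, minutes, limit=3):
    """Source addresses ranked by event count inside the window."""
    return db.execute(
        "SELECT i.ip_src, COUNT(*) AS n FROM event e "
        "JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid "
        "WHERE e.timestamp > ? GROUP BY i.ip_src ORDER BY n DESC LIMIT ?",
        (now - minutes * 60, limit)).fetchall()

def threat_level(count):
    """Map an event count to HIGH / MEDIUM / LOW using the assumed thresholds."""
    if count >= HIGH_AT:
        return "HIGH"
    return "MEDIUM" if count >= MEDIUM_AT else "LOW"

def dashboard(db, now):
    counts = {m: events_in_window(db, now, m) for m in WINDOWS_MIN}
    return {"counts": counts,
            "level": threat_level(counts[LEVEL_WINDOW_MIN]),
            "top_attackers": top_attackers(db, now, 60)}

if __name__ == "__main__":
    NOW = 1_000_000  # constructed "current time" so the output is reproducible
    print(dashboard(build_sample_db(NOW), NOW))
```

A level driven purely by event volume follows sensor noise as closely as real activity, so thresholds of this kind need tuning against the sensor's normal baseline.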

2. Requirements

3. Features

4. Screenshots

5. Download

Download snortcon-0.03 here.

6. License

GPL

