Snort Module

The Snort module is a simplified snort alert reporting tool. Users who are familiar with BASE will be able to transition easily to using the Snort module for easy querying of alerts.

About

The Snort module uses the snort alert database schema (version 107), however it does not need the extended ACID/BASE schema. The Snort module includes several features of BASE but simplifies their use.

Features

  • Uses standard Snort database schema
  • External tools for looking up port/protocol usage, and event descriptions
  • IP address mapping for alerts
  • Summary and Detail level reporting

Screenshots

"Security is an architecture, not an appliance" - Art Wittman