BASE

BASE is the Basic Analysis and Security Engine. It provides a web front-end to query and analyze the alerts coming from a SNORT IDS system. 

It is based on the code from the Analysis Console for Intrusion Databases (ACID) project.

BASE uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It has a simple to use, web-based setup program.

BASE

License GNU GPL v2 Developer Kevin Johnson and the BASE Development Team Website base.secureideas.net Requirements Database (e.g MySQL, PostgreSQL, Oracle) Snort or logsnorter PHP Web server (e.g. Apache) ADODB GD Support: FAQ, Forums, Mailing Lists, Tutorial Selected Reviews:

Features include:

• Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags).
• Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts
• Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases
• Chart and statistic generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification
• Ability to analyze a wide variety of events which are post-processed into its database

Last Updated Sunday, August 09 2009 @ 12:43 PM EDT