The biggest question you need to answer as a network security analyst is “What’s happening on my network?” Aanval helps deliver.
While knowing the specific events being generated by Snort are important, as well as keeping that signature recipe finely tuned and updated, we believe it’s more important to know who’s behind those events (just as it’s more important to know and capture the bank robber instead of spending too much time at the scene of the crime).
Aanval has amazing features that will detail the activity and behavior of not only those events but the hosts that either cause those events or act as the victim. With a single click, users can get a map of their host that includes a visually striking Timeline Browser readout of the host’s frequency in generating events and also their threat levels, so you immediately know how harmful a host may be. In addition to that, users get a full readout of what signatures that host has triggered, as both a host and possibly a victim. Quickly search those results for more details and create and email reports based on those results. All of those features are built-in and automatically work in the background and are available as you feed Aanval network alerts.
To get even more from your Aanval console, use Nmap to routinely scan the network or multiple networks for currently and newly connected hosts. All on an automated basis, Aanval will find those hosts and perform a scan to obtain their OS fingerprint or vendor, IP, and up/down status. But Aanval doesn’t stop there; it then imports those records to its Device Management readout, where users can then add more details about a given host (services, additional interfaces, etc.) and find its current state. Once those records are received, more Aanval features become automatically unlocked and fed, like Situational Awareness and Event Validation.
With Situational Awareness, users can get an instant bird’s eye view of the connected hosts and their activity. Quickly determine harmful attackers and weak links. Views can be changed from a current view or even those in the past.
Event Validation allows users to quickly determine if generated events come from known hosts and if they may possibly be false positives, one of the top reasons for failed IDS deployments, as they can quickly choke a system and view.
Check out the links below to get these features up and running on your Aanval console, and increase your host visibility and situational awareness.