IDS engines like Snort and network devices can and generally do log thousands to millions of events per day, which can make it difficult to get a clear view of what has happened and what is happening.
Aanval provides numerous up-to-date and live views of your data to help you make sense of it, increase your situational awareness, and quickly determine potential threats. One of those views is Summaries.
Event and Host Summaries
Users can quickly select the event name from the dashboard or any Live display to see a Timeline browser displaying how often a given event is being generated, along with every host associated as a source and destination.
From there, users can select a given host to get a similar summary that includes a Timeline browser that further details the risk level of generated events, Geo IP details, and a listing of events where that host has been associated as a source and destination. Host summaries can also be selected from the dashboard or any Live view by simply selecting the desired host or IP from the main event details.