Aanval’s Advanced, Scheduled, and Emailed Reports

Advanced Reporting

Aanval provides both on-demand and scheduled reports. They are available to view in a number of formats, including PDF, HTML, and XML, and can be emailed in PDF and Text formats.


Creating a Report

Users can generate a report from any search results. Users can also use the My Reports menu to create custom and scheduled reports and filter by sensor, risk level, and more.

Within the String / Text box, users can enter any of the keywords used by the Advanced Search tool to make their searches and reports extremely detailed, for example by returning all events from “lastweek:” Keywords can be combined as well and used alongside other factors already provided in drop-down boxes like Risk Level, and Source and Destination IP/Port.


Scheduled Reports

Users can create any number of scheduled reports and have them emailed to any number of addresses (comma separated).

Report Details

Aanval reports display exactly what the user searched or queried and when, and then proceeds to detail in an easy-to-read format and  with graphs all event values like Source and Destination IPs, Ports, sensors affected, where the events are stored, and more.

Learn More and Take Aanval for a Spin

* Aanval Reports

* Download Aanval

Aanval for the Managed Services Provider

Aanval has proven to be an invaluable tool for MSPs, and here’s why.

Flexibility and Growth Potential

As your customer base grows, so does Aanval. Our Aanval SAS Enterprise package allows you as an MSP to add and monitor an unlimited number of sensors and devices (Snort, Suricata, and syslog) without a cost increase. Additionally, there are no data caps; import as much traffic as possible. We encourage the idea of “Responsible Security,” to increase network visibility and situational awareness by monitoring every available network piece.

The Features You Need

On-Demand and Scheduled Reports

Create on-demand and scheduled reports for every customer. Aanval has search and reporting logic to make results extremely refined and detailed. 

Real-Time Actions and Alerts

Create custom actions to perform tasks and alerts with Action Management, from email alerts to tasks like tagging and executing shell commands.

Secured and Filtered

Import alerts and logs from multiple customers and locations. And while it’s being aggregated and managed on one console, it’s also secured and easily filtered to individual customers for viewing, alerts, and reporting.

Customer Logins

While many customers of MSPs like the hands-off approach, many like to see for themselves what’s happening. Easily create individual customer accounts that provide access to view only their sensors and data.


We understand that this may be a new venture for both the MSP and the customer. Not a problem. The Tactical FLEX team behind Aanval has years of experience and can help you get things running and optimized. From remotely installing a Snort sensor, to configuring a plug-and-play Aanval appliance, to writing custom regex for a syslog device, we’re here to get the job done quickly and correctly.


Whether you’re managing Aanval at your own data center, at individual customer locations, or a mix of both, you’re getting the biggest bang for your buck with Aanval SAS Enterprise. In addition to monitoring every customer and every sensor and device, you’ll receive 24/7 console support. Also included is console maintenance, allowing you access to every fix, feature, and even major release.

Oh yes, there’s more!

Want to take Aanval for a test drive? Want us to show you the ropes? Not a problem.

Create a free Aanval account and download the console now: https://www.aanval.com/account/request

Request a demo from our support department, where we can answer questions and showcase Aanval’s features for you live: https://www.aanval.com/demo

Learn more at https://www.aanval.com/aanval

Aanval Mini Appliance: FREE with License Purchase

FREE Aanval Mini Appliance Promotion in August

Now through the end of August, receive a FREE Aanval Mini appliance with the purchase of an Aanval SAS or Aanval SAS Enterprise  license package. Purchase an Aanval SMB package and receive 50% off an Aanval Mini appliance.

Aanval Appliance

What is an Appliance?

We have brought the industry’s leading Snort and Syslog intrusion detection and correlation console together with the world’s most stable and advanced operating system and hardware combination.

The Aanval Mini appliance is a Mac mini-based all-in-one IDS and SIEM solution. Preconfigured with Snort and Aanval, this box comes drop-in ready for complete monitoring and management. 

Screen Shot 2014 08 21 at 10 48 32 PM

Each appliance comes with one standard Ethernet interface designed for Snort monitoring. With a supplied Thunderbolt-to-Ethernet cable, a second management interface is added.

Already have an Aanval server?

Not a problem. The Mini appliance can be configured as a sensor-only device, designed to monitor and report to a local or remote Aanval server for logging, correlation, reporting, and management. 

Multiple Mini appliances can be deployed at remote sites. The Mini appliance is also rack mountable.

Aanval’s Enhanced Sensor and Appliance Management Features

Every appliance comes configured with Aanval’s Sensor Management Tools that allow the remote management of a sensor’s Snort signatures. Manually enable and disable signatures, and automatically receive daily signature updates on every active sensor.

Apple and Mac OS X

Elegant, reliable, and stable are just a few of the words that describe the world’s most advanced operating system combined with the industry’s highest quality hardware. Apple’s operating system and hardware were chosen for Aanval Appliances for its core Unix foundation and overall superior quality. Mac OS X is an Open Brand Unix 03 Registered Product.


Configured for Your Environment

All appliances may be custom configured with specific destination network details (IP, DNS, etc), ensuring the installation is as simple as plugging in and powering on the Appliance. Appliances may further be installed with a selection of security tools including tcpdump (packet sniffing), Nmap (port scanning), nessus (vulnerability scanning), and more.

Get Your FREE Appliance!

Purchases can be made securely online at https://www.aanval.com/purchase and through the friendly and knowledgable sales staff at Tactical FLEX!

Learn more about Aanval at https://www.aanval.com/aanval 

Aanval v7 Upgrades: That was easy!

Aanval v7 upgrades are easy and performed right inside the console. 

Console messages are displayed when updates are available and provide a direct link to the Version Management page. You can also navigate from the Console Configuration menu.

If you’re experiencing an issue with the current version, from that same Version Management menu, clicking Force Update will download and install the current version. 

Once a new version is downloaded, you’ll be shown the EULA and following its acceptance be guided through a brief re-installation which consists of version and module checking, ensuring the new version is good to go. 

The last prompt of an upgrade is to Stop and Start the BPUs (Background Processing Units). We strongly recommend performing this step. Updates to the console may contain changes or advancements to the BPUs, and failure to restart them when prompted may cause issues with the console’s operability and require further steps that may include manually downloading and installing the console again.

Check the following website to see details of a console upgrade: https://www.aanval.com/download/notes

Use Nmap to Increase Host Visibility Automatically with Aanval SAS

The biggest question you need to answer as a network security analyst is “What’s happening on my network?” Aanval helps deliver.

While knowing the specific events being generated by Snort are important, as well as keeping that signature recipe finely tuned and updated, we believe it’s more important to know who’s behind those events (just as it’s more important to know and capture the bank robber instead of spending too much time at the scene of the crime).

Aanval has amazing features that will detail the activity and behavior of not only those events but the hosts that either cause those events or act as the victim. With a single click, users can get a map of their host that includes a visually striking Timeline Browser readout of the host’s frequency in generating events and also their threat levels, so you immediately know how harmful a host may be. In addition to that, users get a full readout of what signatures that host has triggered, as both a host and possibly a victim. Quickly search those results for more details and create and email reports based on those results. All of those features are built-in and automatically work in the background and are available as you feed Aanval network alerts.

To get even more from your Aanval console, use Nmap to routinely scan the network or multiple networks for currently and newly connected hosts. All on an automated basis, Aanval will find those hosts and perform a scan to obtain their OS fingerprint or vendor, IP, and up/down status. But Aanval doesn’t stop there; it then imports those records to its Device Management readout, where users can then add more details about a given host (services, additional interfaces, etc.) and find its current state. Once those records are received, more Aanval features become automatically unlocked and fed, like Situational Awareness and Event Validation. 

With Situational Awareness, users can get an instant bird’s eye view of the connected hosts and their activity. Quickly determine harmful attackers and weak links. Views can be changed from a current view or even those in the past.

Event Validation allows users to quickly determine if generated events come from known hosts and if they may possibly be false positives, one of the top reasons for failed IDS deployments, as they can quickly choke a system and view.

Check out the links below to get these features up and running on your Aanval console, and increase your host visibility and situational awareness.

Nmap: Getting Started

Network Host Scanning

Situational Awareness

Event Validation

Aanval SAS FAQ

In the past few weeks, we’ve had people ask specific questions about our new trial offerings and the types of commercial licenses available. We decided to write a blog to answer those questions.

#1. What is the difference between a 30-day trial and 30-day unlimited trial?
#2. Free vs commercial? What does an annual subscription provide?
#3. What are the types of Aanval SAS licenses offered? How can I determine the right license package for my environment?

Aanval is available to download and evaluate for free. Without a commercial license, Aanval operates in a free single-sensor mode, allowing 1 Snort or 1 Suricata and 1 syslog device. Your download automatically includes most of the features in our latest release, Aanval SAS (Situational Awareness System), for 30 days and allows you to process up to 1 million events. After 30 days, you can purchase an annual commercial license and take advantage of all the powerful and automated features designed to provide organizations complete end-to-end network visibility and situational awareness. You also have the option to convert to an unlimited 30-day trial license. We’ve re-introduced trial licenses for organizations who need to test Aanval in their environments without limitations on sensor capacity or event processing. Installation assistance and full support will also be available during your trial period.

All versions of Aanval are available as a downloadable solution that can be installed on existing hardware and requires only a current variant of Linux, Unix, or Mac OS X.

Visit our Download Page https://www.aanval.com/download and get your 30-day trial or 30-day unlimited trial.

What does the Aanval SAS annual subscription offer you?

» An annual unlimited sensor-capacity license for Snort and/or Suricata, and Syslog
» Telephone and remote support
» Console maintenance: bug fixes, minor and major upgrades
» An enterprise-grade SIEM and IDS solution at a fraction of the cost of other providers

Aanval SAS annual package includes the following features and tools:

» Situational Awareness™
» Offensive Reconnaissance™ and Rogue Host Detection
» Network Host Scanning
» False Positive Protection
» Live GeoLocation Display
» Event Correlation
» Billions of Events
» Event Tagging, Syslog Mirroring, and More

Aanval is designed to specifically scale from small single-sensor installations to global enterprise deployments. Aanval’s primary functions are to correlate data from multiple sources, bring together billions of events, and present users with a holistic view of false positive free, network security situational awareness.

We offer three types of annual subscriptions:

Aanval SMB

Our most cost efficient solution, designed specifically for the small business market, Aanval SMB includes every base feature of Aanval SAS as well as a few select SAS-only options like our powerful Situational Awareness engine, Rogue Host Detection, and the ever critical False Positive Protection module.

View Aanval SMB Details: https://www.aanval.com/aanval

Aanval SAS

Our completely unlimited middle market offering, Aanval SAS (Situational Awareness System), developed and focused specifically for organizations up to 250 hosts in size. Aanval SAS includes all basic and advanced SAS features like Offensive Reconnaissance and Network Host Scanning.

View Aanval SAS Details: https://www.aanval.com/aanval

Aanval SAS Enterprise

Aanval SAS Enterprise scales beautifully to organizations of all sizes. Designed with large-scale network infrastructures in mind, SAS Enterprise provides superior functionality for networks that exceed 250 hosts and support services are readily available 24/7.

View Aanval Enterprise Details: https://www.aanval.com/aanval

Need assistance determining the right license package for your environment? Contact our Sales Dept. at 800-921-2584 or email sales.group @ tacticalflex.com

We invite you to also explore our Product License Comparison at https://www.aanval.com/aanval

View pricing or purchase Aanval products and services securely online https://www.aanval.com/purchase

See Why Customers Choose Aanval SAS (Situational Awareness System)

More than 6,000 customers worldwide including Fortune 500 and SMEs trust Aanval as their Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management solution. Read the latest customer success story from the retail industry to learn more about the business benefits of Aanval SAS.

Customer Snapshot: A Leading Online Retailer

Industry: A publicly-traded home improvement retailer with 201-500 employees. Company primarily conducts business through e-commerce. All security initiatives are managed in-house.

Customer Need: IT department was searching for a robust IDS utilizing Snort to manage and monitor their growing business and network infrastructure. Initially the company was using a standard Snort interface.

Customer Evaluation of Aanval SAS: Aanval was the primary product evaluated during the solution search process. The company’s Information Security Manager evaluated Aanval for the following security use cases:

1. Log Monitoring and Network Traffic Analysis
2. Packet Management
3. Anomaly Detection
4. PCI Compliance

Aanval SAS met all of the evaluation criteria and found Aanval easy to use, configure, and install. Company has purchased the Aanval SAS commercial license is now using Aanval as their stand alone IDS.

Aanval SAS Has Helped with the Following:

1. Improve Operational Efficiency. Helped streamline the IT process of monitoring activities, analyzing and correlating event data, delivering security alerts, and investigating security incidents.
2. Meet PCI Compliance Initiatives. The Payment Card Industry Data Security Standard (PCI DSS) requires that all retailers and e-commerce sites that process, store, or transmit credit card information maintain a secure environment.
3. Reduce False Positives
4. Provide Needed Situational Awareness
5. Improve Security by Accelerating Detection of Anomalies

The Top Business Benefits of Aanval SAS: 

1. Event Management/Collection
2. False Positive Protection
3. PCI Compliance
4. Affordable Pricing
5. Built-in Automated Offensive Tools That Utilize Nmap. Includes Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance

New Aanval Features: Syslog Mirroring and Email Reports

New to Aanval SAS in build 70153 are two new features: Syslog Mirroring and Email Reports

Syslog Mirroring
This feature allows the Aanval console to easily and automatically output a stream of Aanval-imported events as user-defined UDP packets to a specific device and port, allowing users to monitor Aanval activity and/or duplicate or store Aanval log data.

Getting Started
Enabling this feature is as simple as detailing where the packets go and what event details are to be sent. Visit our Support wiki for complete and simple instructions: Syslog Mirroring

Email Reports
Aanval has a powerful reporting feature, allowing users to easily and quickly create extremely detailed reports. Reports are viewable in HTML, XML, and Text formats. Those reports can now be emailed in Text format directly from the console Reporting feature.

Getting Started
Visit our Support wiki for complete and simple instructions to first create reports and get them sent: Reports

Don’t have these features yet?
Aanval SAS commercial packages provide users with console maintenance, so they’ll always have the latest build and features. Aanval alerts users of new versions with User Messages that show at the top of the console event feed. Click the information icon to be directed to the Update page, or navigate your console to Console Configuration > Console > Version Management > Update. Once downloaded and installed, accept the EULA and begin enjoying and benefitting from these features, and watch for more to come.

So what else is new?
Read our Release Notes to know the details of each new build. Sign up for our newsletter at Aanval.com to keep apprised of all our upcoming developments and promotions.

Cybercrime in Healthcare Sector Evolving: Point-of-Sale (POS) Breaches Now an Alarming Concern

As technology is continually being used to drive efficiencies into the healthcare system, the potential for data breaches increases exponentially. Healthcare is among the top industries frequently victimized by data breaches with billing records and medical files overwhelmingly the most frequently stolen patient data. According to Navigant’s Information Security & Data Breach Report, healthcare organizations accounted for the highest percentage of data breaches, more than one-third of all data breaches in the United States. In addition, HITRUST’s Analysis of U.S. Healthcare Breach Data revealed that the total number of breaches of over 500 individuals posted to HHS since September 2009 is 495. The total number of records breached is 21.2 million and the average breach size is 42,659.1 at a cost of $8,275,865.40. The study also reported that hospitals and physician practices were responsible for 32% and 25% of total breaches in the healthcare industry. Government institutions experienced the greatest loss of records.

Despite repeated warnings from the Department of Health and Human Services, the healthcare sector is still lagging behind other industries regarding implementing security precautions when it comes to protecting sensitive PHI. The Ponemon Institute’s Cost of Cyber Crime Study reported that fewer than half of healthcare providers surveyed performed an annual security risk assessment. In fact, 52% of organizations that conduct one of these crucial IT audits discover a security breach as a result.

Cyber Criminals Targeting Point of Sale Terminals (POS) Not EHR

According to the article “Cybercrime and the Healthcare Industry,” “healthcare providers have a tough challenge at hand. As administrative technologies like Electronic Health Records (EHR) and online health portals begin to become standard issue, the access to financial data and information so strongly demanded by providers, patients, payers, and employees is also fast becoming a new target for hackers.” According to the Verizon 2013 Data Breach Investigations Report, hackers in healthcare are now more interested in attacking payment point-of-sale systems than actual EHR records. POS terminals accounted for 64% of compromised health care assets compared with 38% of desktops or workstations. The Verizon Risk Team further elaborated in an eWeek article that the “the healthcare area is very used to the patient-privacy aspect of securing the data and may not be paying too much attention to their payment systems. In addition to payments for care, security breaches also involve transactions to hospital gift shops and cafeterias. With the final omnibus rule for the Health Insurance Portability and Accountability Act (HIPAA) requiring risk assessments, health care organizations need to determine their level of preparation for financial attacks.”

A key lesson offered by the Verizon Data Breach Investigation Report is that smaller practices including dental offices and outpatient care facilities are also at a high risk of cyber attacks. Therefore, no healthcare organization is immune to being breached.

Where Should Healthcare IT Departments Target Their Security Efforts?

1. Point of Sales (POS) Terminals and Servers 
Most hackers are not after EHRs; they want financial and insurance information that can be used to steal money and conduct medical and insurance fraud.

2. Desktops and Workstations
93% of healthcare breaches involved hacking and malware. Attacks in the healthcare industry often start by tricking an organization’s employees to install malware on the network.

3. Storage Systems
Storage systems contain financial as well as clinical data that are gold mine for hackers.

About Tactical FLEX, Inc.
Tactical FLEX, Inc. is a privately owned software development firm based in Seattle, specializing in information security research, engineering, technology design, and production. With the technological development of Aanval®, Tactical FLEX, Inc. has become a global provider of information security vulnerability and risk management software solutions that protect businesses of all sizes. Aanval® is the industry’s leading Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval® currently has over 6,000 customers worldwide including government security, defense organizations, technology corporations, financial services organizations, energy companies, educational institutions, healthcare organizations, biotechnology manufacturers, pharmaceutical companies, law firms, utility providers, and many others. Learn more about Aanval® by visiting http://www.aanval.com. Aanval® may be downloaded for testing and evaluation at http://www.aanval.com/download.

Debunking Common Myths Regarding Security Information and Event Management (SIEM)

In a recent study conducted by Infosecurity Europe, it was revealed that 93% of large organizations have experienced at least one security breach in the previous year. The study also reported that the number of breaches is growing at an alarming rate as organizations experienced, on average, 50% more breaches in the previous year. While security threats continue to escalate, many organizations have deployed or have considered security information and event management (SIEM) solutions in order to obtain a holistic view of their information technology security. The beauty of a SIEM is that it takes all the information gathered from events across the network and tailors it to inform IT departments exactly what is happening and when. SIEM technology is also essential for helping security analysts detect internal and external threats and to perform crucial network forensic analysis. According to Gartner, the demand for SIEM technology is growing at an annual rate of 21% and is the fastest growing areas of the security sector.

Although research shows that SIEM product visibility in the U.S. has improved with higher adoption, proper understanding of the technology is still lacking. Frost & Sullivan, an industry research firm, reported that there is a low level of awareness associated with SIEM solutions and further stated that “it is imperative for SIEM vendors to reach out to enterprise end users to enhance their technological awareness and correct any underlying misconceptions or assumptions which may exist toward the technology.” In this blog, we will review some common myths surrounding SIEM technology to help IT Security Professionals separate truth from fiction.

Myth #1: SIEM Solutions are Resource-Intensive and Require Substantial Financial Investment to Deploy

Answer: In light of the benefits of capitalizing in SIEM technology, the high costs of investing in some SIEM platforms have been holding small- and mid-market enterprises back. It is true that most SIEM solutions require a significant investment up front to get it started and also require an ongoing investment in humans to keep it running. This is what can put some SIEM solutions beyond the reach of SMBs or under-funded enterprises. However, not all SIEM solutions come with hefty price tag. If you’re an SMB or an enterprise-class organization with limited budgets, enterprise-grade SIEM platforms that are affordable and easy to use do exist in the marketplace. These are the hidden gems in the seemingly crowded SIEM market category. However, selecting the right SIEM product is almost entirely based on the use cases an organization is trying to fulfill. For example, if you’re an SMB with a shortage of security analysts, your needs and cost sensitivity will vary widely from that of a large organization. You will most likely require a healthy amount of automated functionality while heavy customization is probably not on the agenda.

Myth #2: SIEM Solutions are Equal in Features and Benefits

Answer: Today’s SIEM should be a powerhouse of data capture, correlation analysis, and reporting. Although SIEMs are pre-packaged with a set of security features, it is important to note that the advanced feature sets vary from vendor to vendor as SIEM vendors specifically market to potential and existing clients based on specific-use cases. In order to fully understand SIEM technology, the common core functions and advanced features sets must be explored. To view the essential features and capabilities of a SIEM technology, please read http://wiki.aanval.com/wiki/Library:The_Essential_Features_and_Capabilities_of_a_SIEM_Technology. As SIEM products mature in the marketplace, vendors will introduce new and advanced features to bring to the table for product differentiation as well as market it for specific use cases to solve a particular security need. Overall, it is important to understand that SIEM vendors are not all equal in capabilities and the product features are only valuable if it meets your business and security needs. For example, Tactical FLEX, Inc. is among SIEM-leading suppliers that provides a very strong focus on intrusion detection for effective threat management. Aanval SIEM commercial solution comes tightly integrated with effective Snort and Suricata open source security tools and can also support any device with syslog capabilities to deliver complete data management. Aanval should be considered by organizations that want a scalable commercially supported SIEM solution utilizing the most widely deployed and trusted intrusion detection system on the market for enhanced security and improved situational awareness and protection. If automation and network visibility are key factors for your network organization, you will benefit immensely with an Aanval SIEM solution. In today’s rapidly changing security environment where network environments are growing ever more distributed and complex to manage, IT departments truly need a flexible SIEM that is designed to scale. To view our SIEM comparison table, please read the following article: How to Find the Right SIEM Solution. A Step-by-Step Guide and SIEM Features Comparison.

Myth #3: SIEM Technology is Only Useful for Log Reporting and Compliance

Answer: Over the years, SIEM has almost become synonymous with log reporting and compliance management. Yet, SIEM technology has far more advanced capabilities than simply helping organizations make sense of log data to meet security and audit regulations. Dr. Anton Chuvakin, a security expert on SIEM technology, finds that “too often, organizations purchase SIEM and log management solutions to check a compliance checkbox. These organizations miss a huge opportunity to improve security.” Fortunately, many organizations are increasingly realizing the value and benefits of SIEM in improving their security posture.

According a recent RSA Survey, these are additional widely used functions and tools of SIEM solutions:
1. Alert anomalies
2. Identify threats and potential high-risk incidents
3. Monitor network traffic
4. Streamline remediation efforts
5. Advance other security operations functions in general

About Tactical FLEX, Inc.
For nearly a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world. Our wide spectrum of customers demonstrates our sincere commitment to an industry that remains at the forefront of the digital evolution of the world. Information security is our business, and our customers are our greatest asset. Tactical FLEX, Inc. is a trusted security vendor protecting more than 6,000 organizations within every industry in more than 100 countries. Our product Aanval® is the industry’s most comprehensive end-to-end Snort and syslog intrusion detection, correlation, and threat management solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully-integrated event management and attack data correlation engine. Learn more about Aanval SAS™ by visiting http://www.aanval.com

Aanval® is also available for download as a free Community edition for testing and evaluation at http://www.aanval.com/download. Let Aanval SAS™ turn your security event data into actionable and comprehensive insights.