Need help installing your IDS? Watch us install Snort, Barnyard2, Aanval SAS, and every necessary component on YouTube.

Tactical FLEX, Inc. has launched a short series, available now on YouTube, detailing how to install and configure a complete IDS system: Snort, Barnyard2, every necessary component, and Aanval SAS at the helm.

The install occurs on a Mac mini running OS X 10.8.2. You can find the guide used at our wiki: Complete Aanval IDS OS X Install Guide

Watch Now! 

Part 1: Preparation

Part 2: Snort

Part 3: Barnyard2

Part 4: Aanval SAS

Part 5: Extras (Launch Daemons, Nmap)

Does your SIEM have GeoLocation? Aanval SAS does. And it’s good.

Aanval SAS has an all-new mapping framework that reaches beyond the basic map display: within the Frequent Targets and Frequent Offenders displays, a detailed map sits alongside the ranked list, pinpointing each entry's global location.

Simply hover the mouse over a country to highlight and name it, and hover over the site of an event (offender or target) to get their precise coordinates. 

Just how "offensive" is that location? The red target marker at its location grows as the number of events sourced from it increases, so before you even open its detailed record, the marker's size tells you how threatening it could be.

GeoLocation is simple to set up and use, and it comes as a standard option with every Aanval package.

View the Getting Started guide at our wiki site, http://wiki.aanval.com/wiki/Aanval:Live_GeoLocation, or watch the video tutorial at YouTube: http://www.youtube.com/watch?v=nyb5pMLJhwQ

Easy Signature Management with Aanval SAS

A core component of an IDS system is the set of signatures attached to the sensors. Snort and Suricata sniff network traffic and produce valuable event data based on rules. Aanval SAS allows the user to manage those rules directly from the console using the Sensor Management Tools (SMTs). Rather than sifting through a conf file, users simply select which rules should be attached to which policy and which sensor, and then push those updates to the sensors. The SMTs can also pull current conf files and rules, apply the necessary modifications, and then send them back.

Learn more about Aanval SAS’ Sensor Management Tools and install them on your sensors: http://wiki.aanval.com/wiki/Aanval:Sensor_Management_Tool

Nuisance Events

It can take time to add and remove rules when creating a custom recipe for an environment. Aanval SAS provides two different methods for managing nuisance events: silence them with the SMTs, or use the Action Management system, which automatically matches incoming events against entered criteria and executes when triggered, either sending an alert or simply deleting the event to keep it out of view.

Learn how to manage and suppress nuisance events and create your own custom signature recipe: http://wiki.aanval.com/wiki/Aanval:Event_Suppression

New Community Portal

Industry and Community Support

The information security sector as a whole is important to Tactical FLEX, and we constantly strive to improve our efforts in supporting it and helping provide tools, education, and resources.

In our work to continue to support our industry, we’ve created a Community Portal section in our Aanval wiki that is dedicated to installation and instruction documentation for Snort and Suricata. These documents are maintained and will continue to provide a centralized resource for our customers, users and those who may use competing products but simply need a boost in the right direction.

Browse the new Community Portal using the following link:

http://wiki.aanval.com/wiki/Aanval:Community_portal

More about Aanval

We support over 6,000 customers in more than 100 countries by delivering real-time, continuous network monitoring and by providing a wide range of product manuals, information security articles, and up-to-date how-to guides. Users rely on Aanval, built with a unique Situational Awareness engine, because it provides a proactive tool to combat cyber threats and safeguard their virtual and physical assets.

Aanval continues to support both the information security and open source Snort and Suricata communities by providing users with a free non-commercial version of Aanval® that allows full functionality of a single-sensor device. Aanval is designed to work with all versions of Snort and Suricata, and can process syslog data from any device capable of external logging.

Aanval is available for download as a free Community edition, in addition to an unlimited sensor-capacity, commercially purchased and supported Snort, Suricata, and syslog license. Downloading and installing Aanval is free and takes only minutes to accomplish. Because Aanval is designed to work with all current Linux, Unix, and Mac OS X operating systems, you can be up, running, and viewing events within minutes. Let Aanval turn your data into actionable and comprehensive insights to reduce security risks.

Free download here: Aanval Community Edition

Aanval® is the industry’s most comprehensive end-to-end SIEM-based Snort and Suricata IDS solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully integrated event management and attack data correlation engine.

Learn more at http://www.aanval.com