Description: |
SnortCon is a web-based utility that provides a high-level overview of the threats a network is facing. SnortCon requires that Snort be logging to a MySQL database. The interface updates at user-configurable intervals to show the following information: top/recent attacks, top/recent attackers, number of events over the past {5,15,30,60} minutes, and the current SnortCon.
The SnortCon can take one of three values: HIGH, MEDIUM, or LOW. It is calculated from the number of Snort events generated during a pre-defined interval. Attack data is also displayed in graphical form for the last 60 minutes and the last 24 hours. Recent Attack Detail for the past 30 minutes is also available. The tool is intended primarily as a high-level view and is not meant to replace detailed analysis tools such as ACID.
|