Aanval is a commercial
SIEM Security information and event management (SIEM) is a field within computer security that combines security information management (SIM) and security event management (SEM) to enable real-time analysis of security alerts generated by applications an ...
product designed specifically for use with
Snort,
Suricata, and
Syslog
In computing, syslog () is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, ...
data. Aanval has been in active development since 2003 and remains one of the longest running Snort capable SIEM products in the industry. Aanval is
Dutch for "attack".
History
Aanval was created by Loyal Moses in 2003 but was not publicly made available until March 2004 where it was released under the private commercial license C1-RA1008. Throughout the lifecycle of the software it has also been referred to as OpenAanval or ComAanval in addition to Aanval.
Aanval's had provided
AJAX
Ajax may refer to:
Greek mythology and tragedy
* Ajax the Great, a Greek mythological hero, son of King Telamon and Periboea
* Ajax the Lesser, a Greek mythological hero, son of Oileus, the king of Locris
* Ajax (play), ''Ajax'' (play), by the an ...
style security event monitoring and reporting from a web-browser. Since Aanval's creation, it has developed into an
intrusion detection
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collec ...
,
correlation
In statistics, correlation or dependence is any statistical relationship, whether causal or not, between two random variables or bivariate data. Although in the broadest sense, "correlation" may indicate any type of association, in statistics ...
and threat management console with a specific focus on normalizing Snort, Suricata, and Syslog data.
Several information security related books have been published that include details and references to Aanval, including "Linux Server Security, Second Edition" by
O'Reilly Media
O'Reilly Media, Inc. (formerly O'Reilly & Associates) is an American learning company established by Tim O'Reilly that provides technical and professional skills development courses via an online learning platform. O'Reilly also publishes b ...
, "Security Log Management" by
O'Reilly Media
O'Reilly Media, Inc. (formerly O'Reilly & Associates) is an American learning company established by Tim O'Reilly that provides technical and professional skills development courses via an online learning platform. O'Reilly also publishes b ...
, "Snort: IDS and IPS Toolkit" by
O'Reilly Media
O'Reilly Media, Inc. (formerly O'Reilly & Associates) is an American learning company established by Tim O'Reilly that provides technical and professional skills development courses via an online learning platform. O'Reilly also publishes b ...
and in 2010 "Unix and Linux System Administration Handbook, Fourth Edition"
Unix and Linux System Administration Handbook, Fourth Edition: Safari Books Online
/ref> by O'Reilly Media
O'Reilly Media, Inc. (formerly O'Reilly & Associates) is an American learning company established by Tim O'Reilly that provides technical and professional skills development courses via an online learning platform. O'Reilly also publishes b ...
.
See also
* Snort
* Intrusion detection system
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collec ...
(IDS)
* Intrusion prevention system
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collec ...
(IPS)
* Network intrusion detection system (NIDS)
* Sguil
References
External links
* {{Official website, http://www.aanval.com/
Aanval wiki
Snort homepage
OISF homepage
Computer security software