SecurityFocus.com is proud to announce ARIS Analyzer
The ARIS Analyzer is a free service that allows you to submit attack data collected by intrusion detection systems and helps you manage your security incidents. ARIS Analyzer also allows you to correlate your attacks with those seen by other people.
A lot of the ideas and reasoning behind ARIS came from this mailing list, INCIDENTS. I hope we have created a free service that will meet some of your incident handling needs.
In particular ARIS allows you to:
* Submit IDS data via the ARIS Extractor. An open source tool that takes your IDS data, cleans it up, and sends it securely to ARIS.
* Anonymize your data by stripping the destination IP address before submitting it to ARIS.
* Provide you with more information about an attack by cross-referencing the BUGTRAQ vulnerability database.
* Determine the organization responsible for the IP address source of an attack, as well as their ISP.
* To send an incident report to the organization responsible for the IP address source of an attack, as well as their ISP.
* Determine whether others are seeing attacks from the same sources you are.
* Generate a series charts and reports with data derived from your attacks logs in order to better understand hostile traffic directed at your network(s).
Currently we support the following IDS programs:
* Snort 1.6-1.7
* Network ICE BlackICE all versions
* Network ICE ICEpac 2.1 and later
* Cisco Secure IDS (formerly NetRanger)
* ISS Real Secure 3.1-5.5
The ARIS Extractor is an open source tool and we encourage people to modify it to support additional IDS programs.
We could not have brought you this service without Alfred Huger, our VP of Engineering. As the person in charge of this project he took it from the concept stage to a fielded service in a minimum amount of time while making judicious use of our resourced. Kudos to him and the rest of our engineering staff.
We are already working on improving the next revision of the service in a number of ways. Your feedback is greatly appreciated.
To learn more or join please visit http://aris.securityfocus.com/