pkgsrc/security/base/DESCR

The Basic Analysis and Security Engine (BASE) is a PHP-based analysis
engine to search and process a database of security events generated by
various IDSes, firewalls, and network monitoring tools.  The features currently
include:

 o Query-builder and search interface for finding alerts matching
   on alert meta information (e.g. signature, detection time) as well as
   the underlying network evidence (e.g. source/destination address, ports,
   payload, or flags).

 o Packet viewer (decoder) will graphically display the layer-3 and
   layer-4 packet information of logged alerts

 o Alert management by providing constructs to logically group alerts
   to create incidents (alert groups), deleting the handled alerts or
   false positives, exporting to email for collaboration, or archiving of
   alerts to transfer them between alert databases.

 o Chart and statistic generation based on time, sensor, signature, protocol,
   IP address, TCP/UDP ports, or classification
The Basic Analysis and Security Engine (BASE) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include: o Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags). o Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts o Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases. o Chart and statistic generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification 2006-01-03 22:09:44 +01:00			`The Basic Analysis and Security Engine (BASE) is a PHP-based analysis`
			`engine to search and process a database of security events generated by`
			`various IDSes, firewalls, and network monitoring tools. The features currently`
			`include:`

			`o Query-builder and search interface for finding alerts matching`
			`on alert meta information (e.g. signature, detection time) as well as`
			`the underlying network evidence (e.g. source/destination address, ports,`
			`payload, or flags).`

			`o Packet viewer (decoder) will graphically display the layer-3 and`
			`layer-4 packet information of logged alerts`

			`o Alert management by providing constructs to logically group alerts`
			`to create incidents (alert groups), deleting the handled alerts or`
			`false positives, exporting to email for collaboration, or archiving of`
			`alerts to transfer them between alert databases.`

			`o Chart and statistic generation based on time, sensor, signature, protocol,`
			`IP address, TCP/UDP ports, or classification`