Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.
Visit http://www.aanval.com/ for more information.
The Aanval console itself can act as a sensor. Console events are logged, correlated, and displayed alongside network events. Because console activity is logged, analysts can further perform Advanced Searches for specific activity and generate reports.
Aanval's Network Host Scanner engine works together with the console to detect when new devices connect to the network, when they or existing devices disconnect, and when a connected device successfully logs into the Aanval console or fails a login attempt, and to alert the user.
Network scans will produce event IDs specific to the console activity. These IDs will be attached to console events and can be searched and reported.
Below is a table of event IDs and their descriptions.
| Console Signature ID | Console Class ID | Description |
|---|---|---|
| 3333000 | 1 | Network Host Scanner found 0 new hosts |
| 3333001 | 1 | Network Host Scanner found 1 or more new hosts |
| 3333003 | 1 | Failed login attempt |
| 3333004 | 1 | User logout request |
| 3333005 | 1 | New user created |
| 3333050 | 1 | Datastore rotation performed |
| 3333051 | 1 | Datastore rotation request |
| 3333052 | 1 | Datastore deletion request |
| 3333053 | 1 | Datastore update request |
| 3333100 | 1 | New sensor created |
| 3333105 | 1 | Snort tracker reset |
| 3333106 | 1 | Snort reimport request |