Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.
Visit http://www.aanval.com/ for more information.
Aanval includes a powerful False Positive Event Validation engine that performs real-time analysis of events against customizable network, device, and service definitions.
False positives are the number one reason intrusion analysis systems fail to provide accurate and timely results. Even small numbers of false positives cost organizations significant amounts of time, resources, and allocated budget to manage.
Aanval v7's event validation engine automatically tags and filters events to help keep false positives from overpowering true risks, allowing analysts and engineers to focus and get back to protecting the network.
- Note: Event Validation works hand-in-hand with Aanval's Situational Awareness engine in Aanval v7. Follow the Getting started with Situational Awareness guide to additionally activate False Positive Event Validation.
For more information about how Event Validation works, visit our FAQ page.