Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Live GeoLocation

Live GeoLocation

Aanval provides live and interactive IP GeoLocation displays to aid analysts in quickly identifying the global location of offending traffic. IP addresses of intrusion events are plotted on a fully interactive global map in both real-time and static forms.

Additionally, these advanced displays help reveal attack patterns that might otherwise go unnoticed.

New in Aanval v7, users can view GeoLocation displays within the Frequent Offenders and Frequent Attacks menus, and each country is highlighted and named when the mouse hovers over it.

Getting Started

  • You can also watch the Video Tutorial on YouTube: [1]
  1. Visit Console Configuration (the gear icon in the lower right-hand corner)
  2. Select Console Preferences under General
  3. Scroll to GeoLocation Database Download and click Download Now. The necessary file will then be downloaded, imported, and ready for use in a short time.
  • Note: if the GeoLocation database is not importing and processing properly, ensure the "unzip" command is available on your particular flavor of Linux, Unix, or Mac OS X. Aanval needs this command to decompress the downloaded GeoLocation database, which is used to plot data on the maps within Aanval.
    Additionally, if unzip is installed and GeoLocation data still isn't being downloaded and imported, ensure the machine has permission to access external sites via HTTP.

See Also