Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Situational Awareness

The Situational Awareness engine provides an in-depth event and architecture analysis of the host network.

Features

  • Situational Awareness lets analysts quickly identify which specific host devices, services, and approximate areas of the network are most at risk, and which are most likely to become a problem in the future.
  • Define the devices, services, ports, and protocols supported within your environment and let Aanval build detailed summaries of your network's security posture and current risks.
  • The network-device definitions that power Situational Awareness also power Aanval's False Positive Event Validation engine.

Getting Started

  • This feature is based on knowledge of the network and its devices, which the user must enter into Aanval manually. To ensure Situational Awareness is working:
  1. Visit Console Configuration (the gear icon in the lower right-hand corner)
  2. Select Device Management under General
  3. Select your active device from the right-hand pane under Devices
  4. Enter the device name, IP address, and any additional services related to that device. If you're unsure which services are available on a given device, use Offensive Reconnaissance to scan it. The scan results, including details of the available service(s), will then be listed in Reconnaissance Management, ready for input in Device Management.
  5. You must select Update after each input.

Users can also automatically add new and known hosts and their basic details (IP, OS fingerprint, interface) using Aanval's Network Host Scanning tool, powered by Nmap.
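The Features section describes two things that a device inventory makes possible: judging whether an IDS event targets a service the host actually runs (the basis of False Positive Event Validation) and summarising which hosts are most at risk. The following Python is an added example illustrating that idea, not Aanval's own code or data model; the device definitions, the event records, the three verdict labels and the priority weights are all constructed assumptions chosen for the example.

```python
"""Added example (not Aanval's code): a minimal model of asset-aware event
validation and a per-host risk summary, of the kind the Situational Awareness
and False Positive Event Validation features describe. All devices, services
and IDS events below are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    port: int
    proto: str   # "tcp" or "udp"
    name: str


@dataclass
class Device:
    name: str
    ip: str
    services: frozenset  # set of Service the analyst has defined for this host


@dataclass
class Event:
    dst_ip: str
    dst_port: int
    proto: str
    signature: str
    priority: int  # 1 = high, 3 = low (Snort's priority convention)


# Constructed inventory, as an analyst would enter it in Device Management.
INVENTORY = {
    "10.0.0.5": Device("web01", "10.0.0.5", frozenset({
        Service(80, "tcp", "http"), Service(443, "tcp", "https")})),
    "10.0.0.9": Device("db01", "10.0.0.9", frozenset({
        Service(5432, "tcp", "postgresql")})),
}


def validate_event(ev, inventory=INVENTORY):
    """Classify one IDS event against the inventory (labels are assumptions):
    'unknown_host'     - destination is not defined; the analyst should add it
    'no_such_service'  - host is known but nothing listens on that port/proto,
                         so the alert is a likely false positive
    'confirmed'        - the event hits a defined service: real exposure
    """
    dev = inventory.get(ev.dst_ip)
    if dev is None:
        return "unknown_host"
    for svc in dev.services:
        if svc.port == ev.dst_port and svc.proto == ev.proto:
            return "confirmed"
    return "no_such_service"


def risk_summary(events, inventory=INVENTORY):
    """Score each known host by its confirmed events, weighted by priority,
    and return hosts ordered from most to least at risk."""
    weights = {1: 10, 2: 5, 3: 1}   # constructed weights
    scores = defaultdict(int)
    for ev in events:
        if validate_event(ev, inventory) == "confirmed":
            scores[inventory[ev.dst_ip].name] += weights.get(ev.priority, 1)
    return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


# Constructed events; signature names are placeholders, not real rule names.
SAMPLE_EVENTS = [
    Event("10.0.0.5", 80, "tcp", "constructed: http probe", 2),
    Event("10.0.0.5", 3306, "tcp", "constructed: mysql probe", 1),   # no MySQL on web01
    Event("10.0.0.9", 5432, "tcp", "constructed: db probe", 1),
    Event("10.0.0.42", 22, "tcp", "constructed: ssh scan", 3),       # host not defined
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.dst_ip}:{ev.dst_port}/{ev.proto} -> {validate_event(ev)}")
    print(risk_summary(SAMPLE_EVENTS))
```

The point of the model is that the same inventory answers both questions: an event against a port the host does not expose is deprioritised rather than escalated, while only confirmed exposures feed the risk ranking. An `unknown_host` verdict is the signal to go back to Device Management (or the Nmap-powered host scan) and define the host, since the engine can only be as accurate as the inventory it is given.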