Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.
Visit http://www.aanval.com/ for more information.
The Situational Awareness engine provides an in-depth event and architecture analysis of the host network.
- Situational Awareness allows analysts to quickly identify which specific host devices, services, and approximate areas of the network are most at risk and which are more likely to become a problem in the future.
- Define the devices, services, ports, and protocols supported within your environment and let Aanval build detailed summaries of your network's security posture and current risks.
- The device definitions that power Situational Awareness also power Aanval's False Positive Event Validation engine.
- This feature relies on knowledge of the network and its devices, which the user must enter into Aanval manually.

To ensure Situational Awareness is working:
- Visit Console Configuration (the gear icon in the lower right-hand corner)
- Select Device Management under General
- Select your active device from the right-hand pane under Devices
- Enter the device name, IP address, and additional services related to that device. If you're unsure which services are available on a given device, use Offensive Reconnaissance to scan the device. The scan results, with details of the available services, will then be available in Reconnaissance Management, ready for input in Device Management.
- You must also select Update after each input.