Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.




Aanval is the industry's most comprehensive Snort, Suricata, and syslog intrusion detection, correlation, and threat management console on the market, and is designed specifically to scale from small single-sensor installations to global enterprise deployments.

Aanval has been in active development since 2003 and remains one of the longest running Snort-capable GUI/front-end products in the industry.

Currently, over 6,000 organizations in more than 100 countries rely upon Aanval as part of their security infrastructure. These organizations include government security, defense organizations, weapons manufacturers, technology corporations, global financial organizations, space exploration, educational institutions, healthcare providers, and many others.

Aanval's primary function is to correlate data from multiple sources, bring together billions of events, and present users with a holistic, false-positive-free view of network security situational awareness.


  • Free and Commercial
  • 8-5 and 24h Support
  • Web-browser based
  • Industry-standard HTML and JavaScript
  • Situational Awareness Engine
  • Network Host Scanning
  • Rogue Host Detection
  • Offensive Reconnaissance
  • Correlation Engine
  • False Positive Event Validation
  • Real-time GeoLocation
  • Advanced Searching
  • Comprehensive Reporting
  • Event Tagging
  • Signature Management


Having been in active deployment and ever-continuing research and development since 2003, Aanval has undergone version changes and definitions, from OpenAanval, ComAanval, and Aanval (as it's known today), to the newly launched Aanval SAS.

Community Version

Tactical FLEX, Inc. offers a free limited version of Aanval, known as the Community Version, designed for a basic hands-on experience and evaluation. Users can use one Snort or Suricata license and one syslog license.

Aanval SAS

Aanval SAS (Situational Awareness System) is the most advanced and feature-laden version of Aanval to date, and is available in two versions: Aanval SAS (standard) and Enterprise. First available and launched in version 7.1, Aanval SAS offers Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance, a trio of Nmap-powered features that automatically scan parent networks and offending networks and feed device activity, classified and displayed as events, to Aanval's Live Monitor, complete with activity-based signature IDs, risk levels, and IPs. And since console activities are displayed as events, analysts can search such events, produce reports, and gauge a deeper level of network posture and situational awareness.

See Also