Aanval SAS™
Aanval is the industry's most comprehensive Snort and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval supports both Snort and Suricata, as well as any syslog data source, and is designed specifically to scale from small single-sensor installations to global enterprise deployments.
Aanval was created in 2003 and is currently the longest-running Snort GUI/interface under continuous development on the market today.
Create an account to download Aanval; attend a live demo or register for an upcoming webinar.
Product Brief
All of Aanval's important little details in one downloadable document.
Aanval SAS Product Technology Brief (PDF)
Installs in Minutes
Downloading and installing Aanval is free and takes only minutes to accomplish. Designed to work with all current Linux, Unix, and Mac OS X flavors of operating systems, you can be up, running, and viewing events within minutes.
Get Started Now! Download Aanval
Aanval SAS Upgrade FAQ
We know you have questions and we want to answer them. See the following link for answers to your Aanval SAS upgrade questions:
Aanval SAS Upgrade FAQ
Highlighted Features
Intrusion Detection, Correlation, and Threat Management
Aanval does more than just display event data; it does the work for you. Aanval includes a sophisticated event correlation engine to logically group detected attacks from your Snort, Suricata, and syslog sensors together. It even does it in real time.
Situational Awareness™
Situational Awareness within Aanval allows analysts to quickly identify which specific devices, services, and approximate areas of the network are most at risk and which are more likely to be a problem in the future.
Offensive Reconnaissance™
Aanval SAS is no longer a passive bystander in the info-sec arena. Now capable of both manual and automated network host reconnaissance, Aanval will identify host operating systems, services, and up/down state at the click of a mouse or completely automatically.
Rogue Host Detection
New and unauthorized devices on private networks are one of the largest threats networks face. Aanval now includes an automated rogue host identification system that discovers and alerts when these pesky little devices appear.
False Positive Protection
Aanval SAS' event validation engine automatically tags and filters events to help keep false positives from overpowering true risks, allowing analysts and engineers to focus and get back to protecting the network.
Real-time GeoLocation Displays
View attack vectors in real time using Aanval's new wide range of GeoLocation displays. Know the precise location on this planet from where those attacks are being sourced.
Aanval SAS™ Product Comparison
Aanval SAS (Situational Awareness System) is the latest evolution in Aanval's nearly 10-year history.
Combining our advanced indexing, correlation, and reporting technology with Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance, Aanval provides unparalleled oversight of the networks it protects.
Aanval SAS is a complete end-to-end solution that is time-tested and industry-proven.
Free and Commercial
Aanval is available for download as a free community edition in addition to an unlimited, commercially purchased and supported Snort, Suricata and Syslog license.
Regardless of your budget or event capacity requirements, Aanval is the answer to your intrusion detection needs. Fully integrated with Snort, Suricata and Syslog sourced data, Aanval is the only interface / GUI on the market in its class.
Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
Billions and Billions
Aanval is built upon a sophisticated and time-tested data storage mechanism that allows for event storage that is only limited by disk space resources. Store billions of Snort, Suricata and syslog events locally or remotely without adversely affecting performance.
Situational Awareness™
Aanval v7 includes our unique Situational Awareness engine, which provides in-depth event and architecture analysis of the current network security state.
Situational Awareness within Aanval allows analysts to quickly identify which specific devices, services and approximate areas of the network are most at risk and which are more likely to be a problem in the future.
Analysts can configure networks, devices, IP addresses, services and ports within Aanval that allow our Situational Awareness engine to quickly summarize network event information and provide analysts with the resources they need to identify actual risks and make critical decisions.
Offensive Reconnaissance™
Aanval 7 takes advantage of nmap, the industry's most well-known and accomplished port scanning utility, to perform both automated and on-request network reconnaissance.
Network host availability, port and service scanning, as well as OS fingerprinting are now available directly from within Aanval.
Rogue Host Detection
Automated rogue host detection and alerting capabilities are now built into Aanval to help security analysts and network administrators stay on top of these pesky little devices.
Aanval keeps full logs of network hosts and reconnaissance results and uses this information within its correlation engine to better represent valid events and limit false positives.
False Positive Protection
Aanval includes a powerful event validation engine that performs real-time analysis of events against customizable network, device and service definitions.
False positives are the number one reason intrusion analysis systems fail to provide accurate and timely results. Even small numbers of false positives are costing organizations significant amounts of time, resources and allocated budgets to manage.
Aanval v7's event validation engine automatically tags and filters events to help keep false positives from overpowering true risks, allowing analysts and engineers to focus and get back to protecting the network.
Network Host Scanning
To facilitate many of Aanval's powerful event validation, correlation and alerting mechanisms, the console includes a network host scanning module that scans local networks and builds device and network profiles automatically.
Hosts, operating systems, services, interfaces and network addresses are automatically recorded to prevent analysts from wasting precious time and help them protect their network.
Host scanning is essential in uptime performance monitoring as well as a critical component in Aanval's Rogue Host Detection system.
Live GeoLocation Display
Aanval v7 has the ability to view real-time IP GeoLocation data.
Aanval provides live and interactive IP GeoLocation displays to aid analysts in quickly identifying the global location of offending traffic. IP addresses of intrusion events are plotted on a fully interactive global map in both real-time and static forms.
Additionally, these advanced displays help define patterns of attack that might otherwise go unnoticed.
Advanced Displays
Dozens of displays designed to provide analysts with near limitless viewing angles on attack data and correlated events. Events sorted and graphed by risk, signature statistics and interactive timelines are only a few of the powerful new features in this release of Aanval.
Additionally, Aanval includes powerful Geo IP Location details to allow analysts to quickly identify attack proximity for complete situational awareness.
Event Tagging
Aanval v7 brings about the addition of a very powerful event tagging system, which allows individual users as well as teams to tag events with an unlimited number of keywords that may define the various characteristics of an intrusion event.
Default tags are provided and each user can create their own set of custom tags. Tags can be added to events individually as needed or through the automated action system as events are imported and normalized.
Searching and reporting by tags is supported and tag statistics displays are included as well.
Timeline Browser
An analyst's brain is very much tied to a timeline of events when mitigating an ongoing attack or investigating historical event results.
Aanval includes advanced new timeline-based charts and graphs in addition to our standard sets. This graphing ability allows an analyst to see data from new angles and identify patterns that may have previously gone unnoticed.
Charts and graphs are JavaScript based, enabling them to work on all desktop and mobile platforms.
Storage
Significant research and intense development of Aanval v7 bring about the ability to store a nearly unlimited number of events within the console. As long as disk space is available, event storage continues without affecting performance.
Deployed installations with more than 100 million, 500 million and even 1+ billion events are not uncommon.
Data can be stored locally or remotely and remains easily accessible for searching, reports and statistics.
Event Correlation
Big features in a competitively priced product are exactly how Aanval has made its mark in the industry.
Aanval includes real-time Snort, Suricata and Syslog event correlation, normalizing and effectively merging various event engine types into a single meaningful display.
Aanval is the only competitively priced, feature-rich Snort GUI as well as Suricata interface on the market with a feature list this accomplished.
Live and Real Time
Not only does Aanval process incoming data and make it available in real time, Aanval provides multiple advanced real-time event and statistics displays to help users grasp current security and situational awareness.
Aanval v7 includes significant updates and enhancements to our popular and well known Live Event Monitor.
View and respond to events in real time!
Advanced Search
Search results and correlation displays, in addition to being extremely powerful, are quick, simple and efficient.
Find targeted events using specific meta-data criteria as well as perform full clear text searches of all event fields including payload data for Snort, Suricata and syslog.
Additionally, Aanval supports a wide range of custom search keywords to locate events based upon time periods, risk level, relation to one another and more.
Charts and Graphs
We all know charts and graphs can be both useful and unnecessary eye candy; however, we believe Aanval provides a great balance between raw event data and graphical representation.
Charts and graphs, static, interactive and real-time animated views are available in searches, summaries, reports and dedicated displays.
Our charting and graphing capabilities are based on industry standard JavaScript technology, ensuring they look equally impressive on all desktop and mobile devices.
Reporting
Aanval's reporting system utilizes the same advanced core search engine as the primary console. Reporting on select searches has never been easier and more efficient.
Reports may be displayed, scheduled, managed and emailed all from within a simple to use, yet powerful interface.
Reports are available in HTML, XML, TEXT and native console formats.
Sensor & Signature Management
Aanval supports Snort and Suricata signatures from any current source including signatures created and deployed by Sourcefire as well as Emerging Threats.
Aanval users may create and manage Snort signature policies that can be deployed manually or automatically across single and multiple sensor architectures. Aanval allows users to download signature packs directly from snort.org as well as any of the widely available custom signature packs on the Internet.
Additionally, Aanval supports full sensor management functionality including manual and automated stopping and starting of Snort and Suricata, email alerts if IDS engines fail, and more.
Automated Actions
Aanval includes a sophisticated criteria-based event action system, which reacts to incoming events in real time.
Our sophisticated actions module is capable of sending emails, generating audio alerts, performing maintenance and even executing customized shell scripts to do just about anything you can think of.
Many clients build and deploy advanced action scripts to update firewall rules, generate custom statistics and even trigger remote operations.
Event Details
Aanval provides a consistent layout for all event details regardless of source (Snort, Suricata and / or Syslog data). Aanval displays appropriate network layer details, protocols, full encoded / decoded payload as well as the signature that triggered the event.
Single-click external network address lookups, event tagging and adding notes are among the various features of the event details display.
Similar Projects, Resources, and Tools
Aanval is without a doubt the industry's #1 Snort, Suricata, and Syslog intrusion detection and correlation console. However, we encourage our customers to review other existing projects and compare for themselves.
Intrusion and security related projects and products
Intrusion and security related tools and libraries