What is Aanval?
Aanval is the industry's most comprehensive snort & syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single-sensor installations to global enterprise deployments. Aanval is available for download as a free single-sensor version in addition to commercially purchased and supported snort and / or syslog licenses. Appliances are also available in a wide variety of sensor and server configurations. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Snort and Syslog
Not only is Aanval a well-known and successful Snort intrusion console, it also normalizes syslog data and log files for fast, efficient searching, correlation and reporting right along with your Snort data. Ultimately, Aanval brings snort and syslog together into a single, efficient and scalable solution. Aanval is capable of working with either Snort or syslog data, together or independently. Aanval is compatible with all versions of Snort.

Aanval iPhone App
Aanval is the first and only intrusion console to provide native iOS access to live Snort and Syslog event data. Access event details directly from your iPhone, iPod Touch and iPad from anywhere you have access to your Aanval console. The Aanval iPhone App is designed to work with both the free and commercial versions of Aanval. Requires Aanval 5.5 build 50743 or greater.

Cost Effective
Aanval's license model is very simple and straightforward. Each sensor (snort or syslog) requires a single license to provide unlimited processing functionality. A purchased commercial license does not expire and will function with the current major release of Aanval and includes all updates and upgrades for the respective version. Aanval is the only competitively priced, feature rich, low cost alternative snort interface on the market.

Scalable
From small business single-sensor deployments to large-scale multiple-sensor enterprise and government environments, Aanval was designed to scale.

Storage
Significant research and intense development of Aanval 5 brings about the ability to store nearly an unlimited number of events within the console. As long as disk space is available, event storage continues without affecting performance. Deployed installations with more than 10, 20 and even 100 million events are not uncommon. View, browse, report and search through millions and even billions of stored events.

Live and Real Time
Not only does Aanval process incoming data and make it available in real time, it also provides multiple advanced real-time event and statistics displays to help users grasp current security and situational awareness. Aanval 5 includes updates and enhancements to our popular and well-known Live Event Monitor. View and respond to events in real time!

Advanced Search
Search results and correlation displays are quick, simple and efficient. Find targeted events using specific meta-data criteria and full text searches.

Unique Displays
Unique event and data views provide high-level threat understanding with detailed statistics and animated charting and graphing. Most frequent and least frequent displays are available for attacked targets, attack sources and intrusion event signatures. Search and report on selected events with as little as a double-click.

Advanced Visualization
Aanval is built with the most advanced browser based technology available today, and uses state-of-the-art visualization tools and techniques to provide users with powerful, alternative views for snort and syslog data.

Charts and Graphs
We all know charts and graphs can be both useful and unnecessary eye candy; however, we believe Aanval provides a great balance between raw event data and graphical representation.
Charts and graphs, both static and real-time animated views, are available in searches, summaries, reports and dedicated displays.

Reporting
Aanval 5's reporting system utilizes the same advanced core search engine as the primary console. Reporting on select searches has never been easier and more efficient. Reports may be displayed, scheduled, managed and emailed all from within a simple to use, yet powerful interface. Reports are available in HTML, XML, TEXT, PDF and native console formats.

Event Details
Aanval provides access to event details through a powerful multiple event window interface. Use these windows side by side to compare or contrast console events for fast analysis and research. External network address lookups can be done with a single click. Also available are detailed payload display for both snort and syslog, external snort signature details, and viewing and attaching notes to any event.

Snort Signature Management
Users may create, manage and deploy snort signature policies for single or multiple sensors all from within the easy to use multiple window interface. Aanval allows users to download signature packs directly from snort.org as well as any of the widely available custom signature packs on the Internet.

Snort Sensor Management
Through the use of the Aanval Sensor Management Tools ("SMTs"), Aanval allows users to fully manage local and remote snort sensors. More than just starting and stopping snort, Aanval automates the task of monitoring snort's status, automatically restarts snort if it fails, and alerts on potential snort-related problems and issues.

Snort Sensor Permissions
Aanval provides sensor access control on a per-user basis. Assigning a user to a snort or syslog sensor provides access only to the selected sensor. Sensor configuration and permissions can only be modified by users with administrator privileges.

Automated Actions
Aanval includes a sophisticated criteria-matching event action system, which sends email or audio alerts, executes shell scripts, and performs maintenance tasks like ignoring or deleting events.

Nmap Scanning
Aanval 5 includes an all new updated Nmap scan and schedule management system. Perform simple or complex host and network scans as well as view, manage and email scan results right from within Aanval.

Platform Compatibility
The Aanval Console may be installed on all major Linux and Unix distributions, including Mac OS X, that support Apache, PHP4 / PHP5 and MySQL 4 / MySQL 5. Aanval Sensors (either Snort or Syslog) may be on any networked operating system or device.

Advanced Flex Interface
Flex is Adobe's RIA development language, which is leading the frenzied race to provide the Internet with the next generation of advanced Internet based applications. Flex is a combination of AS3 (Fully Object Oriented ActionScript) and MXML (Markup Language), compiled to deliver a rich user application experience for both the browser and desktop alike.

Logos and trademarks are property of their respective owners.