

Snort & Syslog Intrusion Detection and Correlation


Compatible Versions
As of Aanval 3, all versions of Snort are fully supported.

Aanval's processing, reporting and management features are tested and confirmed to operate correctly with all versions of Snort.

Aanval supports the simultaneous use of different Snort sensor versions within the same environment.



Oinkmaster Code
An Oinkmaster Code is the unique key that is used to automate the downloading of Snort signatures from the Snort website.

The code, which looks similar to "5a081649c06a277e1022e1284bdc8fabda70e2a4", is used within Aanval to allow the console to download new signatures regularly and automatically.

An Oinkmaster Code may be obtained by logging in to the official Snort website, visiting your account settings / options page and choosing the option to "Get a code".



What is Snort?
Snort is arguably the world's most widely used free intrusion detection system ("IDS") and intrusion prevention system ("IPS"), designed to perform packet logging and real-time traffic analysis of IP networks.

Snort is a signature-based IDS / IPS with packages available for all operating system platforms, and it boasts an impressive global community of users and supporters.
Snort requires an interface, GUI or management console to be effective.

The official Snort website is: http://www.snort.org



Delete / remove Snort sensor
Aanval pulls the list of available Snort sensors directly from the configured Snort database, and removing a sensor from this database will cause a loss of event data associated with the deleted sensor.

For this reason, the console does not provide a simple method of removing / deleting a Snort sensor.

Removing a sensor from Aanval is as easy as disabling the sensor within the Snort Configuration window.

However, for those who understand the implications, permanently deleting a sensor is relatively simple.

You may simply delete the associated sensor from the "sensor" table of the configured Snort database.

This can be done from the MySQL command line, with the following command:

"DELETE FROM sensor WHERE sid = X;"

Where X is the sid of the sensor you wish to permanently delete.

You may see a list of available Snort sensors (to obtain the correct sid) using the following MySQL command:

"SELECT * FROM sensor;"

Note that this process orphans the events associated with this sensor, as they will remain in the database. Only the sensor record is affected.
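
The lookup and delete steps above can be combined with a check of what will be orphaned and a saved copy of the sensor row. This is an added example, not part of the original Aanval documentation. It assumes the stock Snort MySQL schema (an "event" table keyed by sid and cid, and hostname / interface columns on "sensor"); the sid value 3 and the table name sensor_deleted_backup are placeholders.

```sql
-- Added example. Assumes the stock Snort MySQL schema: sensor(sid, hostname,
-- interface, ...) and event(sid, cid, signature, timestamp).

-- 1. List every sensor with the number of events it owns, so the correct sid
--    is chosen and the amount of data that will be orphaned is known up front.
SELECT s.sid, s.hostname, s.interface, COUNT(e.cid) AS event_count
FROM sensor AS s
LEFT JOIN event AS e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface
ORDER BY s.sid;

-- 2. Pick the sensor to delete (3 is a placeholder, replace with the real sid).
SET @target_sid = 3;

-- 3. Keep a copy of the sensor row. This works on any storage engine, unlike a
--    transaction, which cannot be rolled back on MyISAM tables.
--    sensor_deleted_backup is a hypothetical table name.
CREATE TABLE IF NOT EXISTS sensor_deleted_backup LIKE sensor;
INSERT INTO sensor_deleted_backup
SELECT * FROM sensor WHERE sid = @target_sid;

-- 4. Delete exactly one sensor record and confirm how many rows were removed.
DELETE FROM sensor WHERE sid = @target_sid;
SELECT ROW_COUNT() AS sensors_deleted;  -- any value other than 1 needs review

-- 5. Report the events left without a sensor record (the orphaned events),
--    with the time range they cover.
SELECT e.sid,
       COUNT(*)         AS orphaned_events,
       MIN(e.timestamp) AS first_event,
       MAX(e.timestamp) AS last_event
FROM event AS e
LEFT JOIN sensor AS s ON s.sid = e.sid
WHERE s.sid IS NULL
GROUP BY e.sid;

-- To restore the sensor record later and re-attach its events:
-- INSERT INTO sensor SELECT * FROM sensor_deleted_backup WHERE sid = @target_sid;
```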




Aanval by Tactical FLEX - http://www.tacticalflex.com/ - 800-921-2584

The Aanval Intrusion Detection and Correlation Console is a web-based Snort and syslog GUI for management, reporting and analysis.
Logos and trademarks are property of their respective owners.