Login » Create Account

Aanval Snort, Suricata, and Syslog GUI

Mother Approved.


Aanval SMB / SAS / Enterprise

Aanval is the industry's most comprehensive Snort and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval supports both Snort and Suricata, as well as any syslog data source, and is designed specifically to scale from small single-sensor installations to global enterprise deployments.

Aanval was created in 2003 and is currently the longest running Snort GUI/interface under continuous development on the market today.

Create an account to download Aanval; register for an Upcoming Event or schedule a one-on-one demo.

Product Brief

All of Aanval's important little details in one downloadable document.

Aanval SAS Product Technology Brief (PDF)

Installs in Minutes

Downloading and installing Aanval is free and takes only minutes to accomplish. Designed to work with all current Linux, Unix, and Mac OS X flavors of operating systems, you can be up, running, and viewing events within minutes.

Get Started Now! Download Aanval

Highlighted Features

Green Star

Intrusion Detection, Correlation, and Threat Management
Aanval does more than just display event data; it does the work for you. Aanval includes a sophisticated event correlation engine to logically group detected attacks from your Snort, Suricata, and syslog sensors together. It even does it in real-time.

Green Star

Situational Awareness™
Situational Awareness within Aanval allows analysts to quickly identify which specific devices, services, and approximate areas of the network are most at risk and which are more likely to be a problem in the future.

Green Star

Offensive Reconnaissance™
Aanval SAS is no longer a passive bystander in the info-sec arena. Now capable of both manual and automated network host reconnaissance, Aanval will identify host operating systems, services, and up/down state at the click of a mouse or completely automated.

Green Star

Rogue Host Detection
New and unauthorized devices on private networks is one of the largest threats networks face. Aanval now includes an automated rogue host identification system that discovers and alerts when these pesky little devices appear.

Green Star

False Positive Protection
Aanval SAS' event validation engine automatically tags and filters events to help keep false positives from overpowering true risks, allowing analysts and engineers to focus and get back to protecting the network.

Green Star

Real-time GeoLocation Displays
View attack vectors in real-time using Aanval's new wide-range of GeoLocation displays. Know the precise location on this planet from where those attacks are being sourced.

Aanval Product Comparison

Aanval SAS (Situational Awareness System) is the latest evolution in Aanval's 10-year history.

Combining our advanced indexing, correlation, and reporting technology with Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance, Aanval provides an unparalleled oversight of the networks it protects.

Aanval SAS is a complete end-to-end solution that is time-tested and industry-proven.

  Aanval Community Aanval SMB Aanval SAS Aanval SAS Enterprise
Situational Awareness™
Offensive Reconnaissance™
Rogue Host Detection
Network Host Scanning
False Positive Protection
Billions of Events
Live Event Monitor
Live GeoLocation
Event Correlation
Automated Actions
Sensor Management
Signature Management
Event Tagging
Unlimited Snort & Suricata Limited to 1 sensor
Unlimited Syslog Limited to 1 sensor
8 to 5 Telephone Support 30 days
24/7 Telephone Support Unavailable Unavailable Unavailable
Major & Minor Updates
Maintenance & Patches
Remote Access Support
Wiki & Website Support
Network Size (Unique IP Addresses/Hosts) N/A
(Research & Evaluation)
Fewer than 25 25 to 249 More than 250
Annual Pricing Free $795.00 $2,995.00 $5,995.00
  Download Buy Now Buy Now Buy Now

Free and Commercial

Aanval is available for download as a free community-edition in addition to an unlimited, commercially purchased and supported Snort, Suricata and Syslog license.

Regardless of your budget or event capacity requirements, Aanval is the answer to your intrusion detection needs. Fully integrated with Snort, Suricata and Syslog sourced data, Aanval is the only interface / gui on the market in its class.

Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Billions and Billions

Aanval is built upon a sophisticated and time-tested data storage mechanism that allows for event storage that is only limited by disk space resources. Store billions of Snort, Suricata and syslog events locally or remotely without adversely affecting performance.

Click to view screenshot

Situational Awareness™

Aanval v7 includes our unique Situational Awareness engine, which provides in-depth event and architecture analysis of the current network security state.

Situational Awareness within Aanval, allows analysts to quickly identify which specific devices, services and approximate areas of the network that are most at risk and which are more likely to be a problem in the future.

Analysts can configure networks, devices, IP addresses, services and ports within Aanval that allow our Situational Awareness engine to quickly summarize network event information and provide analysts with the resources they need to identify actual risks and make critical decisions.

Click to view screenshot

Offensive Reconnaissance™

Aanval 7 takes advantage of nmap, the industry's most well-know and accomplished port scanning utility to perform both automated and on-request network reconnaissance.

Network host availability, port & service scanning as well as OS fingerprinting are now available directly from within Aanval.

Rogue Host Detection

Automated rogue host detection and alerting capabilities are now built-in to Aanval to help security analsysts and network administrators stay on-top of these pesky little devices.

Aanval keeps full logs of network hosts and reconnaissance results and uses this information within the its correlation engine to better represent valid events and limit false-positives.

Click to view screenshot

False Positive Protection

Aanval includes a powerful event validation engine that performs real-time analysis of events against customizable network, device and service definitions.

False positives are the number one reason intrusion analysis systems fail to provide accurate and timely results. Even small numbers of false positives are costing organizations significant amounts of time, resources and allocated budgets to manage.

Aanval v7's event validation engine automatically tags and filters events to help keep false positives from overpowering true risks, allowing analysts and engineers to focus and get back to protecting the network.

Click to view screenshot

Network Host Scanning

To faciliate many of Aanval's powerful event validation, correlation and alerting mechanisms, the console includes a network host scanning module that scans local networks and builds device and network profiles automatically.

Hosts, operating systems, services, interfaces and network addresses are automatically recorded to prevent analysts from wasting precious time and help them protect their network.

Host scanning is essential in uptime performance monitoring as well as a critical component in Aanval's Rogue Host Detection system.

Click to view screenshot

Live GeoLocation Display

Aanval v7 has the ability to view real-time IP GeoLocation data.

Aanval provides live and interactive IP GeoLocation displays to aid analysts in quickly identifying the global location of offending traffic. IP addresses of intrusion events are plotted on a fully interactive global map in both real-time and static forms.

Additionally these advanced displays help define patterns of attack that might otherwise go unnoticed.

Click to view screenshot

Advanced Displays

Dozens of displays designed to provide Analysts with near limitless viewing angles on attack data and correlated events. Events sorted and graphed by risk, signature statistics and interactive timelines are only a few of the powerful new features in this release of Aanval.

Additionally, Aanval includes powerful Geo IP Location details to allow analysts to quickly identify attack proximity for complete situational awareness.

Click to view screenshot

Event Tagging

Aanval v7 brings about the addition of a very powerful event tagging system, which allows individual users as well as teams to tag events with an unlimited number of keywords that may define that various characteristics of an intrusion event.

Default tags are provided and each user can create their own set of custom tags. Tags can be added to events individually as needed or through the automated action system as events are imported and normalized.

Searching and reporting by tags is supported and tag statistics displays are included as well.

Click to view screenshot

Timeline Browser

An analysts brain is very much tied to a timeline of events when mitigating an ongoing attack or investigating historical event results.

Aanval includes advanced new timeline based charts and graphs in addition to our standard sets. This graphing ability allows an analyst to see data from new angles and identify patterns that may have previously gone unnoticed.

Charts and graphs are Javascript based, enabling them to work on all desktop and mobile platforms.

Click to view screenshot


Significant research and intense development of Aanval v7 brings about the ability to store nearly an unlimited number of events within the console. As long as disk space is available, event storage continues without effecting performance.

Deployed installations with more than 100 million, 500 million and even 1+ billion events are not uncommon.

Data can be stored locally or remotely and remains easily accessible for searching, reports and statistics.

Click to view screenshot

Event Correlation

Big features in a competively priced product is exactly how Aanval has made it's mark in the industry.

Aanval includes real-time Snort, Suricata and Syslog event correlation - normalizing and effectively merging various event engine types into a single meaninful display.

Aanval is the only competitively priced, feature rich, Snort GUI as well as Suricata interface on the market with a feature list this accomplished.

Click to view screenshot

Live and Real Time

Not only does Aanval process incoming data and make it available in real time, Aanval provides multiple advanced real-time event and statistics displays to help users grasp current security and situational awareness.

Aanval v7 includes significant updates and enhancements to our popular and well known Live Event Monitor.

View and respond to events in real time!

Click to view screenshot

Advanced Search

Search results and correlation displays in addition to being extremely powerful are quick, simple and efficient.

Find targeted events using specific meta-data criteria as well as perform full clear text searches of all event fields including payload data for Snort, Suricata and syslog.

Additionally, Aanval supports a wide range of custom search keywords to locate events based upon time periods, risk level, relation to one another and more.

Click to view screenshot

Charts and Graphs

We all know charts and graphs can be both useful and unnecessary eye candy, however we believe Aanval provides a great balance between raw event data and graphical representation.

Charts and graphs, static, interactive and real-time animated views are available in searches, summaries, reports and dedicated displays.

Our charting and graphing capabilities are based on industry standard Javascript technology, ensuring they display equally as impressive on all desktop and mobile devices.

Click to view screenshot


Aanval's reporting system utilizes the same advanced core search engine as the primary console. Reporting on select searches has never been easier and more efficient.

Reports may be displayed, scheduled, managed and emailed all from within a simple to use, yet powerful interface.

Reports are available in HTML, XML, TEXT and native console formats.

Click to view screenshot

Sensor & Signature Management

Aanval supports Snort and Suricata signatures from any current source including signatures created and deployed by Sourcefire as well as Emerging Threats.

Aanval users may create, manage snort signature policies that can be deployed manually or automatically across single and multiple sensor architectures. Aanval allows users to download signature packs directly from snort.org as well as any of the widely available custom signature packs on the Internet.

Additionally, Aanval supports full sensor management functionality including manual and automated stopping and starting of Snort and Suricata. Email alerts if IDS engines fail and more.

Click to view screenshot

Automated Actions

Aanval includes a sophisticated criteria based event action system, which reacts to incoming events in real-time.

Our sophisticated actions module is capable of sending emails, generating audio alerts, performing maintenance and even executing customized shell scripts to do just about anything you can think of.

Many clients build and deploy advanced action scripts to update firewall rules, generate custom statistics and even trigger remote operations.

Click to view screenshot

Event Details

Aanval provides a consistent layout for all event details regardless of source (Snort, Suricata and / or Syslog data). Aanval displays appropriate network layer details, protocols, full encoded / decoded payload as well as the signature that triggered the event.

External network address lookups can be done with a single click as well as tagging events and adding notes are among the various features of the event details display.

Click to view screenshot

Similar Projects, Resources, and Tools

Aanval is without a doubt the industry's #1 Snort, Suricata, and Syslog intrusion detection and correlation console. However, we encourage our customers to review other existing projects and compare for themselves.

Intrusion and security related projects and products

Intrusion and security related tools and libraries

Facebook - Like us! Twitter - Follow us! YouTube - Watch us!
© 2015 All Rights Reserved. Aanval® is a registered trademark & product of Tactical FLEX, Inc. http://www.tacticalflex.com/
All logos, trademarks and images are property and copyright of their respective owners.
This site and its products are in no way endorsed by or related to any outside entity unless specifically noted.
800-921-2584 Fon
501-648-0875 Fax
Aanval by Tactical FLEX, Inc.