Working with ACID

ACID is the primary tool you will be using to work with intrusion data gathered by Snort. ACID has a number of useful features that will aid in intrusion detection and forensic work.

ACID presents alerts and intrusion data in a manner that makes the raw data output by Snort easier to understand (see Figure 8.2). Data is arranged in a logical fashion that facilitates quick decision making. Packets are displayed in an easy-to-understand manner that clearly documents the information in the packet.

Figure 8.2. A suspicious packet.

ACID provides detailed documentation that will give you insight into a new or unrecognized alert. ...
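To make concrete what "arranging the raw data in a logical fashion" means, here is a small added example (not code from the book, from Snort or from ACID) that parses a handful of constructed lines in Snort's "fast" alert format and rolls them up the way a console does: totals, counts per signature and per source address, and the highest-priority events first. The signature IDs, addresses and timestamps in the sample are made up; the line layout follows Snort's fast alert output, and the summary structure is this example's own design.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's "fast" alert format (assumed here as the
# raw input a console would load; the signature IDs and addresses are made up).
SAMPLE_ALERTS = """\
03/14-10:22:01.123456 [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
03/14-10:22:03.654321 [**] [1:1000002:2] WEB-MISC /etc/passwd access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:41022 -> 198.51.100.5:80
03/14-10:23:45.000001 [**] [1:1000001:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.11 -> 198.51.100.5
03/14-10:24:10.222222 [**] [1:1000003:1] SCAN SYN FIN [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:41023 -> 198.51.100.6:22
this line is not an alert and is skipped
"""

# One fast-format alert per line; the Classification field and the ports are optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<pri>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alert(line):
    """Parse one fast-format alert line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for key in ("gid", "sid", "rev", "pri"):
        d[key] = int(d[key])
    for key in ("sport", "dport"):
        d[key] = int(d[key]) if d[key] is not None else None
    return d


def parse_alerts(text):
    """Parse every line of a fast-format alert file, skipping lines that are not alerts."""
    alerts = [parse_alert(line) for line in text.splitlines() if line.strip()]
    return [a for a in alerts if a is not None]


def summarize(alerts):
    """Arrange parsed alerts the way a console does: a total, per-signature and
    per-source counts, and the most urgent events (lowest priority number) first."""
    by_sig = Counter((a["gid"], a["sid"], a["msg"]) for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    ordered = sorted(alerts, key=lambda a: (a["pri"], a["ts"]))
    return {
        "total": len(alerts),
        "by_signature": dict(by_sig),
        "by_source": dict(by_src),
        "most_urgent": ordered[:3],
    }


if __name__ == "__main__":
    s = summarize(parse_alerts(SAMPLE_ALERTS))
    print(f"{s['total']} alerts")
    for (gid, sid, msg), n in s["by_signature"].items():
        print(f"  [{gid}:{sid}] {msg}: {n}")
    for a in s["most_urgent"]:
        print(f"  P{a['pri']} {a['ts']} {a['proto']} {a['src']} -> {a['dst']} {a['msg']}")
```

The per-source count is the view an analyst reaches for first: three of the four constructed alerts come from the same address, which is the kind of pattern that is invisible in a raw alert file but obvious once the data is grouped.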
