Working with ACID
ACID (the Analysis Console for Intrusion Databases) is the primary tool you will use to work with the intrusion data gathered by Snort. It has a number of features that aid both real-time intrusion detection and after-the-fact forensic work.
ACID presents alerts and intrusion data in a form that makes the raw output from Snort easier to interpret (see Figure 8.2). Data is arranged logically so that you can make decisions quickly, and each packet is decoded and displayed field by field so that the information it carries is clearly documented.
Figure 8.2. A suspicious packet.
ACID provides detailed documentation that will give you insight into a new or unrecognized alert. ...