Working with ACID

ACID is the primary tool you will be using to work with intrusion data gathered by Snort. ACID has a number of useful features that will aid in intrusion detection and forensic work.

ACID presents alerts and intrusion data in a manner that makes the raw data output by Snort easier to understand (see Figure 8.2). Data is arranged in a logical fashion that facilitates quick decision making. Packets are displayed in an easy-to-understand manner that clearly documents the information in the packet, with each header field labelled rather than left as raw bytes.

Figure 8.2. A suspicious packet.
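To show what that per-field packet display amounts to, here is an added example (not ACID's or Snort's code) that decodes a raw IPv4/TCP header into labelled fields, the same information an analyst reads off a console view like Figure 8.2. The packet bytes are constructed for the example and are not from any real capture; the field names are this example's own, not ACID's.

```python
"""Decode a raw IPv4/TCP packet into labelled header fields.

Added example, not ACID or Snort code: it mirrors the kind of per-field
packet display an analyst console provides. SAMPLE_PACKET below is
constructed for this example and is not from any real capture.
"""
import struct
from ipaddress import IPv4Address

# TCP flag bits (low six bits of the data-offset/flags word), most to least significant.
TCP_FLAG_NAMES = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
                  (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]


def decode_ipv4_tcp(raw: bytes) -> dict:
    """Parse the IPv4 header and, if present, the TCP header; return a field dict."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4          # header length is given in 32-bit words
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    fields = {
        "ip_version": version,
        "ip_header_len": ihl,
        "ip_total_len": total_len,
        "ip_id": ident,
        "ip_ttl": ttl,
        "ip_proto": proto,
        "ip_src": str(IPv4Address(src)),
        "ip_dst": str(IPv4Address(dst)),
    }
    if proto != 6:                      # only TCP is decoded further here
        return fields
    tcp = raw[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = \
        struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4    # TCP header length, also in 32-bit words
    flag_bits = off_flags & 0x3F
    fields.update({
        "tcp_sport": sport,
        "tcp_dport": dport,
        "tcp_seq": seq,
        "tcp_ack": ack,
        "tcp_header_len": data_off,
        "tcp_flags": [name for bit, name in TCP_FLAG_NAMES if flag_bits & bit],
        "tcp_window": window,
        "payload": tcp[data_off:],
    })
    return fields


def format_packet(fields: dict) -> str:
    """Render the decoded fields as an aligned, human-readable listing."""
    return "\n".join(f"{name:16} {value!r}" for name, value in fields.items())


# Constructed sample: a TCP SYN from 192.168.1.10:40000 to 10.0.0.5:22, no payload.
SAMPLE_PACKET = (
    bytes.fromhex("45000028abcd400040060000")   # ver/IHL, TOS, len=40, id, DF, TTL=64, proto=6, csum
    + bytes([192, 168, 1, 10]) + bytes([10, 0, 0, 5])
    + struct.pack("!HHIIHHHH", 40000, 22, 1, 0, (5 << 12) | 0x02, 65535, 0, 0)
)

if __name__ == "__main__":
    print(format_packet(decode_ipv4_tcp(SAMPLE_PACKET)))
```

The checksum fields are unpacked but not validated; a console that displays sensor output shows what the sensor saw, and checksum verification belongs in the sensor's own decoder.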

ACID provides detailed documentation that will give you insight into a new or unrecognized alert. ...
