Snort IDS Integration

The hrMecca platform is integrated with the popular open source Snort Intrusion Detection System. Intrusion events can be reported on from within the application, event lookups can be run against the IDS database and resolutions can be attached to exploits that are known to be neutralized.

[ back to Security ... ]

The dialog shown on the right allows an administrator to control which events are reported on and whether or not resolution details are provided. Event statuses can be Resolved, Unresolved or All. The Order By drop down can be set to Signature Description, Date/Time or Priority. Reports can be sent to the report archive for review at anytime in the future.

[ back to Security ... ]

A representative IDS Event Summary report is depicted on the left.

[ back to Security ... ]

Snort events are assigned a signature ID that can be used to lookup the exploit in the IDS database. A wealth of information is provided by this lookup including URLs to Microsoft, Nessus, BugTraq, CVE and ArachNIDS exploit databases.

[ back to Security ... ]

Resolutions can be tied to Snort events. Once this is done, the event is considered neutralized. Reports can be run that only detail the events that have not yet been resolved.

[ back to Security ... ]

The system checks for unresolved Snort events every hour. E-Mails are delivered to the system administrator when unresolved events are kicked out by the system.

[ back to Security ... ]