Snort Events

by Randal T. Rioux
August 2, 2012

LCE collects and correlates data from many IDS/IPS systems on the market. This report focuses on events generated by Snort, and presents a high-level overview of the current trends and threats reported by this popular intrusion detection and prevention software.

This report template contains four sections. 

Directional Analysis is an area chart that displays the total number of inbound, outbound and internal traffic events reported by Snort.

The Class C Events pie chart breaks down events by the monitored class C subnet reporting them, to give you a quick view of which networks have the most potential problems.

The Event and Type Lists element has an overview of the normalized event types, such as "intrusion" or "virus," and displays a trend of activity for each. This section also includes tables listing all inbound and outbound events with totals.

The last section, Event by IP Analysis, displays a bar chart listing the host systems with the highest number of events reported. This is a quick and easy way to spot possible bots and infected systems that require immediate remediation.