Gene Guinter

SNĒZ is a web interface to the popular open source IDS program SNORT®. It is written entirely in PHP, minimizing client and server software prerequisites. There is one very simple configuration file with only a handful of parameters to set. This allows for SNĒZ to be dropped onto an IDS server with a minimum number of installation steps and program requirements.

The main design feature of SNĒZ is the ability to filter (or dismiss) alerts rather than require alerts to be deleted after review by the security analyst. At any time, filters can be ‘overridden’ so that all collected alerts can be analyzed for patterns, forensics, etc. Of course, the ability to delete filtered alerts is available.

A main design criteria for SNĒZ is speed, obtained by eliminating nice-to-have but unnecessary features. For example, simple page forward and page backward is provided so that queries do not need to read the entire database to create page numbers. SNĒZ does not reformat or rewrite the IDS database, saving time.

Basic security features include definition of regular analysts and administrators, an adjustable screen timeout, adjustable maximum sign-on attempts and lockout, and the ability to change passwords.

SNORT® is a registered trademark of Sourcefire, Inc. All rights reserved.