OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Sandia Network Intrusion Detection Assessment Version 1.0

Software · OSTI ID: 1230575

SNIDE Assess is a general-purpose software package for matching network event notifications from specialized sensors against one or more attack templates. If a pattern of events matches an attack template, then SNIDE Assess can be configured to initiate responses. SNIDE Assess provides a graphical user interface for configuring attack templates, and provides the required flexibility to define new event notification messages and responses. In general, SNIDE Assess is designed for event correlation for network intrusion detection systems. This version of SNIDE Assess is configured specifically for detection of control plane intrusions on Asynchronous Transfer Mode (ATM) networks.

The SNIDE Assessment Engine is written in C. The SNIDE Assessment engine is the piece of the software that is responsible for receiving incoming messages from sensors, assimilating the information from the tripped sensors, and determining whether the messages received constitute an intrusion, based on the rules specified by the system administrator. If it has been determined that a possible intrusion has occurred, the SNIDE Assessment engine will send a message to one or more response components to perform the action specified in the rule.

The SNIDE Assessment engine is rule driven; that is, its behavior is determined by specifying a set of text-based rules. To provide flexibility, the definition of what constitutes an intrusion is left to the intrusion detection system administrator. A graphical rule editor is provided to allow the administrator to define what types of intrusions are to be monitored. The rules consist of combinations of sensors with boolean operators and filters. SNIDE Assessment rules can be made arbitrarily complex by using Operators and Filters. Operators allow for logic constructs to be created that combine incoming Sensor Notification events. When grouped together, they are referred to as solution sets. Each operator defines one logic operation that is satisfied when a complete solution set has been assembled. Operators are organized in a tree-like hierarchy to allow complex logic to be specified, and can be nested to an arbitrary depth.

Short Name / Acronym:
SNIDE Assess V1.0; 001437SOLAS00
Site Accession Number:
LDRD 10767, DOE OSS
Version:
00
Programming Language(s):
Medium: X; OS: Sun Solaris 2.5 and 2.6
Research Organization:
Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
DE-AC04-94AL85000
OSTI ID:
1230575
Country of Origin:
United States
