About Nariz

Nariz is a distributed alert correlation system. It performs alert correlation in two phases, local preprocessing and distributed postprocessing, by splitting the correlation system across several computers. Features include:

  • Correlates IDS (Intrusion Detection System) alerts.
  • Distributed alert correlation mechanism.
  • Correlates Snort alerts. New plugins can be added to correlate alerts from other IDSs.
  • The source code is publicly available under the terms of the GPL.
  • Reduces the number of alerts and false positives the administrator has to handle.
  • Alert correlation is configurable by attack type.
  • Distributed correlation starts from a user-configurable trigger.
  • It can run on lower-end machines than a centralized correlation system would require.
  • Uses an embedded database (SQLite) that implements most of SQL92 and supports databases up to 2 terabytes in size.

The Nariz distributed alert correlation system is under development; its team is working toward a first public release.

This page last modified on July 21, 2004 0:25 AM