SnortCon is a Web based utility that provides a
high-level overview of the threats that a network
is facing. SnortCon requires that Snort is logging to
a MySQL database. The interface updates at user
configurable intervals to show the following
information: top/recent attacks, top/recent
attackers, number of events over the past
{5,15,30,60} minutes, and the current SnortCon.
The SnortCon can be three values, HIGH, MEDIUM,
OR LOW. It is calculated based on the number of
Snort events that have been generated during a
pre-defined interval. An attack profile is also
displayed in a graphical form for the last 60
minutes and last 24 hours. Recent Attack Detail for
the past 30 minutes is also available. The tool is
primarily intended to be high-level and not meant
to replace detailed analysis tools such as ACID.
