SAM is a program to monitor (in real time) the number of alerts generated by Snort. Having recently set up Snort and ACID, I felt like there was something missing.
Snort was great for identifying suspicious traffic and ACID was great for digging into the details, but I needed something that offered a little higher-level overview and was able to sound alarms if certain conditions were met,
for instance if I was attacked 100 times in a 5-minute period. SAM does not replace Snort or ACID but rather complements them.
What's New in This Release:
· Add database table prefix
· Add MaxMind's database
· Add style to the user's table
· Nagios check not correctly providing perf data
· Removed redundant arin link on events page
· Add preference page to iPhone site
· Add ability to map where threats are coming from
· Add authentication
· Add Country code to IP addresses on the dashboard
· Color code priority