Thresh (software)
Thresh is a free application to assist Security Engineers in tuning Snort IDS sensors. Thresh was written by Matthew Deren, co-creator of Automata Digital. It was designed in Perl-CGI and interfaces with MySQL databases.

This application is capable of generating threshold configurations for Snort rules via a web interface. Thresh reads any MySQL based Snort database and summarizes the events found by alert frequency. Once top-talkers are determined, the administrator can choose to fully suppress the rule from a source or destination IP address, or simply reduce the frequency of alerting.

Additionally, there are options to delete alerts from the Snort database directly. Based on the created threshold files, the administrator can view how they will impact the database before changes are applied.
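The workflow described above (summarize stored alerts by frequency, find the top-talkers for a signature, emit Snort suppress or event_filter entries, and preview how many stored alerts an entry would have covered) as an added Python example; this is not Thresh's own code, and the alert rows are constructed sample data standing in for a query against a Snort MySQL schema.

```python
from collections import Counter

# Constructed sample alert rows, shaped like a SELECT over a Snort MySQL schema
# (event JOIN signature JOIN iphdr). Values are made up for this example.
SAMPLE_EVENTS = [
    {"gid": 1, "sid": 2000001, "src": "10.0.0.5", "dst": "192.0.2.10"},
    {"gid": 1, "sid": 2000001, "src": "10.0.0.5", "dst": "192.0.2.11"},
    {"gid": 1, "sid": 2000001, "src": "10.0.0.5", "dst": "192.0.2.12"},
    {"gid": 1, "sid": 2000001, "src": "10.0.0.9", "dst": "192.0.2.10"},
    {"gid": 1, "sid": 2000002, "src": "10.0.0.7", "dst": "192.0.2.10"},
    {"gid": 1, "sid": 2000002, "src": "10.0.0.8", "dst": "192.0.2.10"},
    {"gid": 1, "sid": 2000003, "src": "10.0.0.1", "dst": "192.0.2.20"},
]

def alert_frequency(events):
    """Alert count per (gid, sid), most frequent first: the summary view."""
    return Counter((e["gid"], e["sid"]) for e in events).most_common()

def top_talkers(events, gid, sid, track="by_src", n=3):
    """Most frequent source (by_src) or destination (by_dst) IPs for one signature."""
    key = "src" if track == "by_src" else "dst"
    matching = (e[key] for e in events if (e["gid"], e["sid"]) == (gid, sid))
    return Counter(matching).most_common(n)

def suppress_line(gid, sid, track, ip):
    """Snort threshold.conf entry that silences a signature for one address."""
    return f"suppress gen_id {gid}, sig_id {sid}, track {track}, ip {ip}"

def event_filter_line(gid, sid, track, count, seconds):
    """Snort event_filter entry that rate-limits a signature instead of silencing it."""
    return (f"event_filter gen_id {gid}, sig_id {sid}, type limit, "
            f"track {track}, count {count}, seconds {seconds}")

def preview_suppression(events, gid, sid, track, ip):
    """Number of stored alerts a suppress entry would have covered (impact preview)."""
    key = "src" if track == "by_src" else "dst"
    return sum(1 for e in events
               if (e["gid"], e["sid"]) == (gid, sid) and e[key] == ip)

if __name__ == "__main__":
    for (gid, sid), count in alert_frequency(SAMPLE_EVENTS):
        ip, hits = top_talkers(SAMPLE_EVENTS, gid, sid)[0]
        print(f"{gid}:{sid} {count} alerts, top source {ip} ({hits})")
    print(suppress_line(1, 2000001, "by_src", "10.0.0.5"))
    print(event_filter_line(1, 2000002, "by_dst", 1, 60))
```

Reviewing the preview count before writing the entry to threshold.conf is the step that keeps a suppress line from silencing more than the one noisy host it was meant for.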

Other applications that can tune alerts in a similar fashion are SnortCenter and SnortCenter2, but these appear to have dropped out of development.

Future development

Future development will include automatic configuration and installation, push-to-sensor capability, pull-from-sensor capability, in-rule tuning and any configuration options which fall under the category of tuning.

The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.