Big Brother is a combination of monitoring methods. Unlike SNMP where information is just collected and devices polled, Big Brother is designed in such a way that each local system broadcasts its own information to a central location. Simultaneously, Big Brother also polls all networked systems from a central location. This creates a highly efficient and redundant method for proactive network monitoring.
Knocker is a simple, versatile, and easy-to-use TCP security port scanner written in C, using threads. It is able to analyze hosts and the network services which are running on them. Knocker it is available for Linux, FreeBSD, many Unix platforms, and Windows 95/98/2000. Both a console version and a GTK+ version are available.
SecurityFocus ARIS Extractor is a sophisticated Intrusion Detection System (IDS) log analyzer and reporting system, integrated with the SecurityFocus ARIS web site. It allows administrators to upload Intrusion Detection System (IDS) logs to the SecurityFocus ARIS Web site, producing sophisticated reporting, and research attacks and events. By filtering out insignificant or benign data and converting it to a common (XML) format, ARIS extractor streamlines incident reporting for both security professionals and home users, allowing IDS operators to focus only on relevant attacks and incidents. It allows you to analyze and archive logged incidents, cross reference incidents/attacks with the SecurityFocus Vulnerability Database, look up contact information for offending IP addresses, generate personal incident statistics and reports, automatically identify and report important incidents, reduce the amount of time spent parsing IDS logs, and generate daily summary reports, delivered by email (optional). All of this is done without revealing any information that could be used to discern your identity. It can be configured to obfuscate IP addresses, names, and other pertinent details before submitting them to the ARIS Analyzer web site. It supports Snort, Cisco Secure IDS, Dragon, NetProwler, RealSecure, BlackICE Defender, and ICEPac.
IPFC is software and a framework to monitor multiple types of agents in a heterogeneous distributed environment. Agents can implement logging of elements as diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, and other general devices (from syslog-servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
WebJob downloads a program over HTTP/HTTPS and executes it in one unified operation. The output, if any, may be directed to stdout/stderr or a WebJob server. WebJob may be useful in incident response and intrusion analysis as it provides a mechanism to run known good diagnostic programs on a potentially compromised system. WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios.
AutoNOC is a high performance, production integrated, peer-to-peer network operations management platform for Windows and Linux. It provides real-time historical analysis, root cause, fault detection, reporting, alerts and alarms, and no-nonsense correlation. It is an interoperable vendor independent solution with built-in support for Microsoft, Cisco, Linux, IBM, and other major technologies. Additionally it offers many novel capabilities, including end user personalization, easy scalability, compressed historical databases, infinite histories, event archiving (it works as a syslog server), and multi-language support.
Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like CheckPoint, Netfilter, IPFilter, Packet Filter, Cisco PIX/ASA, NetScreen, TippingPoint, and Lucent BRICK in a similar way.