The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine for searching and processing a database of incidents generated by security-related software such as IDSes and firewalls (e.g., Snort or ipchains). It provides a search interface for finding alerts that match practically any criteria, including arrival time, signature time, source/destination address and port, flags, and payload. ACID also provides the ability to annotate and logically group related events, delete false positives, and archive alerts between databases. Finally, a variety of statistics and graphs can be generated based on time, IP address, port, alert classification, and sensor.