Features

INTERACTIVE REALTIME DASHBOARD

Monitor summary information on the Snowl start-up screen, which contains the following:

  • An interactive geographical map of attacks
  • A real time updated list of most recent attacks
  • A diagram classifying threats into types
  • A diagram distributing attacks based on the threat level
  • A graph showing time distribution of attacks
  • A top list of IP addresses from which attacks are carried out

DIFFERENT WAYS OF DISPLAYING THREATS

Select the method for displaying threats: as an interactive table or as graphs and diagrams.

In the table display, repeated attacks are grouped: each attack is shown with the number of its attempts for the selected period.

The graph or diagram display can be helpful for analyzing and understanding the broader picture: the most popular attacks, a top list of attackers’ IP addresses, a top list of attacked IP addresses, a top list of the ports used for attacks, distribution of attacks by the source countries, etc.

POWERFUL AND FLEXIBLE FILTRATION SYSTEM

Search for attacks based on different indicators and their combinations.

Filtering conditions can be formed using the logical operators AND, OR, NOT, and grouped using parentheses (conditions).

After a filter is created, it can be saved under an arbitrary name for quick reuse.

Snowl also has a few preset filters that help you master the system quickly.

PINPOINT CUSTOMIZATION OF SENSORS AND THEIR OPERATING POLICIES

Customize Snort sensors via a user-friendly interface instead of configuration files.

Snowl shows different information for each sensor: Rx/Tx traffic rate, RAM usage and CPU load.

An intrusion detection policy can be specified for each sensor.
Moreover, different policies can be created based on different rulesets, with the rulesets updated automatically.
Each policy can be further customized by enabling and disabling particular signatures and setting the response to them.

AUTOMATION OF RESPONSE TO EVENTS

Set automated actions when certain conditions arise.

Snowl allows setting various automated actions for events that meet the criteria of different filters.

These may include running a script with parameters and/or sending an email notification to responsible executives.

SELECTING DIFFERENT INTERFACE THEMES

Select the theme for the Snowl interface that suits you best.

By default, a dark “graphite” theme is used, but you can select among more than 10 different themes.

Apart from the above options, Snowl offers many other handy features.
If you have ideas or requests for new features, please contact us at support@snowl.io; we will appreciate any feedback.