Features
INTERACTIVE REALTIME DASHBOARD
Monitor summary information on the main items from the Snowl interface start-up screen, which contains the following:
- An interactive geographical map of attacks
- A real time updated list of most recent attacks
- A diagram classifying threats into types
- A diagram distributing attacks based on the threat level
- A graph showing time distribution of attacks
- A top list of IP addresses from which attacks are carried out

DIFFERENT WAYS OF DISPLAYING THREATS
Select the method for displaying threats: in the form of an interactive table or in the form of graphs and diagrams.
In the table display, repeated attacks are grouped: each attack is indicated with the number of its attempts for the selected period.
The graph or diagram display can be helpful for analyzing and understanding the broader picture: the most popular attacks, a top list of attackers’ IP addresses, a top list of attacked IP addresses, a top list of the ports used for attacks, distribution of attacks by the source countries, etc.

POWERFUL AND FLEXIBLE FILTRATION SYSTEM
Search for attacks based on different indicators and their combinations.
Filtering conditions can be formed using the logical operators AND, OR, NOT, and grouped using parentheses (conditions).
After a filter is created, it can be saved under an arbitrary name for quick reuse later.
Snowl also has a few preset filters that help you master the system quickly.

PINPOINT CUSTOMIZATION OF SENSORS AND THEIR OPERATING POLICIES
Customize Snort sensors via a user-friendly interface instead of configuration files.
Snowl shows different information for each sensor: Rx/Tx traffic rate, RAM usage and CPU load.
An intrusion detection policy can be specified for each sensor.
Moreover, different policies can be created based on different rulesets with the rulesets updated automatically.
Each policy can be further customized by enabling and disabling particular signatures and setting the response to them.

AUTOMATION OF RESPONSE TO EVENTS
Set automated actions when certain conditions arise.
Snowl allows setting various automated actions for events that meet the criteria of different filters.
These may include running a script with parameters and/or sending an email notification to responsible executives.

SELECTING DIFFERENT INTERFACE THEMES
Select the theme for the Snowl interface that suits you best.
By default, a dark “graphite” theme is used, but you can select among more than 10 different themes.

If you have ideas or requests for new features, please contact us at support@snowl.io; we will appreciate any feedback.