Intelligent Security Console

We have developed an Intelligent Security Console for monitoring a large-scale agent society and behave as an Alert Co-relation tool. The Intelligent Monitoring and Response (M&R) Security Console is a stand-alone architecture for sending and receiving security-related queries (in IDMEF format).Our design goal is to make the Security Console flexible enough so that it can better interact with the agent society and collect events and display them in a desired fashion.

The important features of the security console are as follows:

  • Allow defining queries using a specific format that allows editing, storing and retrieving of queries. Allow resolution of the query scope by sending capability features to the Security M&R Manager.
  • Provide a flexible query-builder tool to define both the persistent and transient queries by the user and to display the query results in a tabular format showing the relevant details as necessary. Also allows user-defined filters to refine query results.
  • The query results can be sorted and viewed in different views (tree, text and time series). For example, Time Series View displays the variables of a set of Heartbeat messages using a graphical representation.
  • The Alert Messages in response to the Query are Mined for finding frequent Episodes and Association Rules. Thus an Alert Profiler is designed.