Thresh (software)

From Wikipedia, the free encyclopedia

Thresh
Main Configuration Menu
Developer:	Matthew J. Deren Jr.
Latest release:	1.5.0b / March 21, 2007
OS:	Cross-platform
Use:	Security / IDS
License:	GNU General Public License
Website:	www.automatadigital.com

Thresh is a free application to assist Security Engineers in tuning Snort IDS sensors. Thresh was written by Matthew Deren, co-creator of Automata Digital. It was designed in Perl-CGI and interfaces with MySQL databases.

This application is capable of generating threshold configurations for Snort Rules via web interface. Thresh reads any MySQL based Snort database and summarizes the events found by alert frequency. Once top-talkers are determined, the administrator can choose to fully suppress the rule from source or destination IP address, or simply reduce the frequency of alerting.

Additionally, there are options to delete alerts from the Snort database directly. Based off the created threshold files, the administrator can view how they will impact the database before changes are applied.

Other applications that can tune alerts in a similar fashion are SnortCenter and SnortCenter2 but these appear to have dropped out of development.

Contents 1 Future development 1.1 Project homepage 1.2 External links 1.3 Copyright

[edit] Future development

Future development will include automatic configuration and installation, push-to-sensor capability, pull-from-sensor capability, in-rule tuning and any configuration options which fall under the category of tuning.

[edit] Project homepage

• Thresh - A web-based sensor tuning application

[edit] External links

• Snort - Open source IDS
• MySQL - Open source database

[edit] Copyright