Argus - Revision history

Carter: /* Overview */

2009-08-31T16:58:41Z

‎Overview

Carter: /* Overview */

2009-08-31T16:56:12Z

‎Overview

Carter: /* Overview */

2009-08-31T16:54:02Z

‎Overview

Carter: Created page with '== Overview == '''argus''' is a network flow monitor that is used to establish network activity audits, that are then used to supplement traditional IDS based network security. …'

2009-08-31T16:52:21Z

Created page with '== Overview == '''argus''' is a network flow monitor that is used to establish network activity audits, that are then used to supplement traditional IDS based network security. …'

New page

== Overview ==

'''argus''' is a network flow monitor that is used to establish network activity audits, that are then used to supplement traditional IDS based network security. These sites use contemporary IDS technology like snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms to decide if the alarms are real problems. In many DIY efforts, snort, Bro and argus run on the same high performance device. The audit data that Argus generates is great for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting very slow scans, and supporting Zero day events. The network transaction audit data that Argus generates has also been used for a wide range of other tasks including Network Billing and Accounting, Operations Management and Performance Analysis.

Argus uses libpcap and it has been ported to virtually every [[Unix]] platform, OpenWRT and on [[Windows | Win32]] using Cygwin.

← Older revision		Revision as of 16:56, 31 August 2009
Line 4:		Line 4:

	Argus uses libpcap and it has been ported to virtually every [[Unix]] platform, OpenWRT and on [[Windows \| Win32]] using Cygwin.		Argus uses libpcap and it has been ported to virtually every [[Unix]] platform, OpenWRT and on [[Windows \| Win32]] using Cygwin.
		+
		+	== External Links ==
		+
		+	* [http://qosient.com/argus Argus website]

	== See Also ==		== See Also ==

← Older revision		Revision as of 16:54, 31 August 2009
Line 4:		Line 4:

	Argus uses libpcap and it has been ported to virtually every [[Unix]] platform, OpenWRT and on [[Windows \| Win32]] using Cygwin.		Argus uses libpcap and it has been ported to virtually every [[Unix]] platform, OpenWRT and on [[Windows \| Win32]] using Cygwin.
		+
		+	== See Also ==
		+
		+	* [[tcpdump]]
		+
		+	[[Category:Network Forensics]]

@@ Line 1: / Line 1: @@
 == Overview ==
-'''argus''' is a network flow monitor that is used to establish network activity audits, that are then used to supplement traditional IDS based network security. These sites use contemporary IDS technology like snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms to decide if the alarms are real problems. In many DIY efforts, snort, Bro and argus run on the same high performance device. The audit data that Argus generates is great for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting very slow scans, and supporting Zero day events. The network transaction audit data that Argus generates has also been used for a wide range of other tasks including Network Billing and Accounting, Operations Management and Performance Analysis.
+'''argus''' is a network flow monitor that is used to establish network activity audits. The audits are the basis of Network Forensics for many universities and corporations, providing data mining for historical network activity.  Many sites use contemporary IDS technology like snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms to decide if the alarms are real problems. In many DIY efforts, snort, Bro and argus run on the same high performance device. The audit data that Argus generates is great for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting very slow scans, and supporting Zero day events. The network transaction audit data that Argus generates has also been used for a wide range of other tasks including Network Billing and Accounting, Operations Management and Performance Analysis.
 Argus uses libpcap and it has been ported to virtually every [[Unix]] platform, OpenWRT and on [[Windows | Win32]] using Cygwin.