|This article is an orphan, as no other articles link to it. Please introduce links to this page from ; try the Find link tool for suggestions. (February 2009)|
Main configuration menu
|Developer(s)||Matthew J. Deren Jr.|
|Stable release||1.5.0b / March 21, 2007|
|Type||Security / IDS|
|License||GNU General Public License|
Thresh is a free application to assist Security Engineers in tuning Snort IDS sensors. Thresh was written by Matthew Deren, co-creator of Automata Digital. It was designed in Perl-CGI and interfaces with MySQL databases.
This application is capable of generating threshold configurations for Snort Rules via web interface. Thresh reads any MySQL based Snort database and summarizes the events found by alert frequency. Once top-talkers are determined, the administrator can choose to fully suppress the rule from source or destination IP address, or simply reduce the frequency of alerting.
Additionally, there are options to delete alerts from the Snort database directly. Based on the created threshold files, the administrator can view how they will impact the database before changes are applied.
Other applications that can tune alerts in a similar fashion are SnortCenter and SnortCenter2 but these appear to have dropped out of development.
Future development will include automatic configuration and installation, push-to-sensor capability, pull-from-sensor capability, in-rule tuning and any configuration options which fall under the category of tuning.