Alert Correlation, Assessment and Reaction Module - next generation
ACARM-ng is alert correlation software that can significantly facilitate the analysis of traffic in computer networks. It is responsible for collecting and correlating alerts sent by network and host sensors, also referred to as NIDS and HIDS respectively. The correlation process aims to reduce the total number of messages a system administrator needs to view to as few as possible by merging similar events into groups that represent logical pieces of malicious activity.
Such groups of alerts are also called meta-alerts and can range from a bunch of failed user logins on a single machine to information about more complex attack scenarios, such as service recognition followed by a break-in attempt or the setting up of a botnet.
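The two kinds of correlation described above (merging similar alerts into a meta-alert, then chaining a recon meta-alert with a later break-in into a scenario), as an added illustration in Python; this is not ACARM-ng's own code, and the event names, sensor labels and sample alerts are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Alert:
    ts: datetime
    sensor: str    # "NIDS" or "HIDS" (constructed labels)
    name: str      # event class reported by the sensor
    attacker: str
    target: str

@dataclass
class MetaAlert:
    name: str
    attacker: str
    target: str
    alerts: list = field(default_factory=list)

def merge_similar(alerts, window=timedelta(minutes=5)):
    # Stage 1: same name/attacker/target within `window` of a group's first alert -> one meta-alert.
    groups = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for g in groups:
            if (g.name, g.attacker, g.target) == (a.name, a.attacker, a.target) and a.ts - g.alerts[0].ts <= window:
                g.alerts.append(a)
                break
        else:  # no open group matched: start a new meta-alert
            groups.append(MetaAlert(a.name, a.attacker, a.target, [a]))
    return groups

def chain_scenarios(metas, recon="port-scan", breakin="exploit-attempt"):
    # Stage 2: recon followed by a break-in from the same attacker on the same target -> one scenario.
    out, used = [], set()
    for i, r in enumerate(metas):
        if r.name != recon: continue
        for j, b in enumerate(metas):
            if j in used or b.name != breakin or (b.attacker, b.target) != (r.attacker, r.target):
                continue
            if b.alerts[0].ts >= r.alerts[-1].ts:  # break-in must start after the recon ended
                out.append(MetaAlert("recon-then-break-in", r.attacker, r.target, r.alerts + b.alerts))
                used.update({i, j})
                break
    return out + [m for k, m in enumerate(metas) if k not in used]

# Constructed sample: 6 HIDS failed logins on srv1, 3 NIDS scan hits then 1 exploit attempt on srv2.
T = datetime(2024, 1, 1, 12, 0)
SAMPLE = [Alert(T + timedelta(seconds=10 * i), "HIDS", "failed-login", "10.0.0.9", "srv1") for i in range(6)]
SAMPLE += [Alert(T + timedelta(seconds=5 * i), "NIDS", "port-scan", "10.0.0.7", "srv2") for i in range(3)]
SAMPLE += [Alert(T + timedelta(minutes=1), "NIDS", "exploit-attempt", "10.0.0.7", "srv2")]
```

Running `chain_scenarios(merge_similar(SAMPLE))` turns the ten raw alerts into two meta-alerts: one "recon-then-break-in" scenario and one group of failed logins; narrowing the window splits a group whose alerts are spread too far apart.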
If you operate a cluster of computers and/or a piece of network that is a target of network attacks, you will find this tool very useful: it will reduce your reaction time to incidents and give you more time for other things.