AirCERT
Automated Incident Reporting (AirCERT) is a scalable distributed system for sharing security event data among administrative domains. Using AirCERT, organizations can exchange security data ranging from raw alerts that are generated automatically by network intrusion detection systems (and related sensor technology) to incident reports based on the assessments of human analysts.
The goal of AirCERT is to provide a capability for identifying trends and patterns of intruder activity spanning multiple administrative domains. The underlying assumption is that sample data from representative sites provides enough information to draw conclusions, and a larger sample provides the ability to extrapolate activity at different sites. With regard to the collected data, the premise of AirCERT is that the sum is more than the individual parts.
More information, as well as AirCERT downloads, is available from http://aircert.sourceforge.net/.
Last updated November 3, 2003