
NOW SHIPPING Version 3.1
Follow our new blog: blog.manntechcomputersinc.com
Sphere of Influence (SOI) is at present based around four products: Cisco Pix/ASA, Cisco IPS, Snort IDS and Windows 2008/2003/XP/Vista. When you purchase the product you get access to all the SOI versions. SOI collects syslog information in real time from Cisco ASA/Pix, Snort and Windows devices, and it collects SNMP traps for the Cisco IPS window. You can run SOI to collect from Cisco IPS, Snort IPS, Pix/ASA and Windows XP/Vista/2003/2008 at the same time, or run just one collection at a time.
You must configure syslog on the Snort and Pix/ASA devices to log to the system that is running SOI. You configure the Cisco IPS window to collect SNMP traps from the Cisco IPS appliance. With the Windows SOI version, all you do is install the free open source software called Snare from Intersect Alliance and point it to the host running the Windows SOI on port 1517. We provide a quick how-to, but for more depth please contact your security analyst.
The Pix/ASA listener listens on port 1516 UDP (syslog) and the Snort listener listens on port 1515 UDP (syslog). The Cisco IPS window listens on port 1518 (SNMP).
We think you'll find this an excellent tool for:
1) Traffic Analysis - Real Time
2) Policy Compliance Enforcement
3) Network Operations Display
4) Network setup and Testing
5) Cutting down on false-positive investigations on IDS
6) Fraud Warnings
There are probably other uses; if you find them, please tell us. If you have or know of a product that uses syslog and you would like to see it working with our application, please contact us so we can add it to our visualization product.
Below are the screenshots. To view the demo pages, please click here. To purchase SOI, please click the Buy Now button. You will be taken to a secure website where you can pay for the product, enter discount codes and/or download SOI. If you have any problems, please contact our sales department by email at sales@manntechcomputersinc.com. We will respond as soon as possible.
I hope you enjoy the product. If you can think of any enhancements you want added, please contact us via support@manntech-computersinc.com and we will try to add them into the next version. Happy Hunting!!
Darren Manners
CEO, Manntech Computers, Inc

We have also added a Network Operations View. This view allows you to upload a network diagram and drag and drop the columns onto the diagram. This gives you an overall view of what is happening from device to device.

This is a view of the default Windows network map. You can alter this background and drag and drop the columns around to give you a picture of your specific network.
You also have a details window for every flag or icon. This shows you a continent hit count, the syslog message, country code, organization and allows you to start monitoring the source or destination IP address.

We also have a summary window, which captures all the ports in a single view.

Also included is a special feature that allows you to follow a source or destination IP address. This feature is in both the Snort and Pix/ASA version. This allows you to identify additional traffic/rules to or from a specific IP.

The locks represent private IP addresses. Question marks are IP addresses of unknown origin. The flags represent the country. You can add columns to increase the number of ports, or change the port that you are looking for.

Above is a screenshot of the Cisco IPS Chart View.
Below is a screenshot from the Windows SOI version. As you can see, the icons can be changed to represent any Windows event ID. You can also filter by a "keyword" within a rule. For example, if you were looking for login information from a specific user being denied access, you would create a rule for event ID 675 and a message of "administrator". This would fire the event when someone attempts to log on as administrator and uses an incorrect password.
New in 2.0: some great new features, such as a filterable world map for Cisco Pix/ASA.

Each window also has a timeline. This window allows you to keep track of the previous hour. You can filter the timeline on just about anything from source/destination port, address, organization, country and keywords.
