News

0.6.0 Released

Added by {{author}} {{age}} ago

Finally released 0.5.0. Updates include:
  • Added application level authentication. Default username/password is admin/changeme!
  • IP addresses are now tagged with their country of origin.
  • Added a heat map to the dashboard to show the distribution of high priority events per country.
  • Color code event priority on the events page to make it quicker to tell high priority events from low priority events.
  • Misc UI enhancements.

There are already several interesting features lined up for 0.7.0 but please let me know if there's something you'd like to see.

0.5.0 Released

Added by {{author}} {{age}} ago

Finally released 0.5.0. Updates include:
  • Major iPhone interface overhaul
  • Minor web interface tweaks
  • Added an ignore option
  • Bug fixes in the iPhone front end
  • Added a Nagios check so that SAM can be integrated with Nagios.

Looking into what additional features will go into 0.6.0. I expect it to be a bigger release. If you have requests make them known in the forums.

Updated iPhone look and feel

Added by {{author}} {{age}} ago

The iPhone specific version of SAM has received a facelift. The new interface is much improved and everything works correctly. I switched to iWebKit and it seems to be pretty nice. No actual features were added in this commit. Additional features are planned in a later version. For now I wanted a decent base to build from. The latest version is only available in Subversion for now, but hopefully I'll get a new build out in a week or two. Or sooner if I keep working on SAM during my lunch hour.

A little quiet lately

Added by {{author}} {{age}} ago

After some pretty regular releases it might seem like there is currently no activity going on with SAM, but that isn't true. The activity has been diverted in a different direction for a little while. Once I started working on generating alerts via email I realized I was really missing the constant feedback that the old GUI based version of SAM showed. I'd been playing around with several desktop technologies for a while and finally decided to go forward with Adobe AIR, and so I released AirSAM. You can learn more about AirSAM on its own project page, but I wanted to let everybody know that despite the lack of releases for a whole six weeks, work on SAM has not stalled. There are still a ton of exciting features that I'd like to add and work will continue.

I realize that Adobe AIR is only available for Mac, Windows and Linux and a more cross platform solution is still needed. I'm constantly looking at ways to convey the information that SAM makes available and I'll be looking at more ways that folks on BSD, Solaris, etc. can use that information. I'm excited by the news that Qt is going LGPL so that might be a possibility. And of course the community is welcome to create apps as well. :) So stay tuned. There is much more ahead!

Automated reports and security notifications

Added by {{author}} {{age}} ago

One of the things that's been missing since I switched SAM (Snort Alert Monitor) from a Java based GUI to a Ruby on Rails based web application is the ability to be notified when something exceptional happens. I've been working on the code over the last couple of weeks that would facilitate this but it's been slow going. When you have a half hour here and a half hour there you don't make much progress no matter how simple the task is. Well, I'm happy to report that today I've checked in the necessary code to handle email based alerting.

There are two types of reports that are currently run. The first report is run every five minutes and will send out an email if the Threat Index goes over the level specified in the preferences panel. It's very simple at this point but it will improve as time goes on. The second type of report is a nightly report that gives a summary of the preceding day. It provides information similar to what is found on the dashboard, only in an email format. This report also needs some work, especially some nice clickable links so you can hop over to the site and get more information about what was happening at the time. I'm sure more will be added and it will definitely be polished up as time permits.
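To make the two report types concrete, here is an added Ruby example (not SAM's own code, and not from its Subversion branch) that runs the same logic over a handful of constructed Snort-style events: a five-minute window check that fires only when a threat index exceeds the configured level, and a one-day summary with per-priority counts and high-priority counts per country, like the 0.6.0 heat map. The event fields, the 300-second and 86,400-second windows, and the weighted-count threat index formula are assumptions for illustration; the page does not define SAM's actual formula.

```ruby
# Added example, not part of SAM. Models the periodic threat-index alert and the
# nightly summary described in the post over an in-memory list of events.
# Assumed event shape: { timestamp:, priority:, country:, sig: }.

# Constructed sample events (not real Snort output). Priority 1 is highest.
SAMPLE_EVENTS = [
  { timestamp: Time.utc(2009, 3, 1, 10, 1, 0), priority: 1, country: 'CN', sig: 'constructed sig A' },
  { timestamp: Time.utc(2009, 3, 1, 10, 3, 0), priority: 1, country: 'US', sig: 'constructed sig B' },
  { timestamp: Time.utc(2009, 3, 1, 10, 4, 0), priority: 2, country: 'CN', sig: 'constructed sig C' },
  { timestamp: Time.utc(2009, 3, 1, 9, 30, 0), priority: 1, country: 'RU', sig: 'constructed sig D' },
  { timestamp: Time.utc(2009, 3, 1, 10, 5, 0), priority: 3, country: 'US', sig: 'constructed sig E' },
  { timestamp: Time.utc(2009, 2, 28, 9, 0, 0), priority: 1, country: 'CN', sig: 'constructed sig F' }
].freeze

# Assumed weighting: the threat index is a priority-weighted event count.
PRIORITY_WEIGHT = { 1 => 10, 2 => 3, 3 => 1 }.freeze

FIVE_MINUTES = 300
ONE_DAY      = 86_400

# Events with a timestamp in (now - seconds, now].
def events_in_window(events, now, seconds)
  events.select { |e| e[:timestamp] > now - seconds && e[:timestamp] <= now }
end

def threat_index(events)
  events.sum { |e| PRIORITY_WEIGHT.fetch(e[:priority], 1) }
end

# The five-minute report: returns an alert hash only when the index exceeds
# the configured threshold (the "level specified in the preferences panel").
def five_minute_alert(events, now, threshold)
  recent = events_in_window(events, now, FIVE_MINUTES)
  index  = threat_index(recent)
  return nil if index <= threshold

  {
    subject: "SAM alert: threat index #{index} exceeds #{threshold}",
    index: index,
    events: recent.size
  }
end

# The nightly report: dashboard-style summary of the preceding 24 hours.
def nightly_summary(events, day_end)
  day = events_in_window(events, day_end, ONE_DAY)
  {
    total: day.size,
    by_priority: day.group_by { |e| e[:priority] }.transform_values(&:size).sort.to_h,
    high_by_country: day.select { |e| e[:priority] == 1 }
                        .group_by { |e| e[:country] }.transform_values(&:size).sort.to_h
  }
end

# Plain-text body for the nightly email.
def format_summary(summary)
  lines = ["Events in the last 24 hours: #{summary[:total]}"]
  summary[:by_priority].each { |prio, n| lines << "  priority #{prio}: #{n}" }
  lines << 'High priority events by country:'
  summary[:high_by_country].each { |cc, n| lines << "  #{cc}: #{n}" }
  lines.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2009, 3, 1, 10, 5, 0)
  alert = five_minute_alert(SAMPLE_EVENTS, now, 20)
  puts(alert ? alert[:subject] : 'threat index within limits')
  puts format_summary(nightly_summary(SAMPLE_EVENTS, now))
end
```

With the constructed events and a threshold of 20 the five-minute check fires (index 24 from four events in the window), while a threshold of 30 keeps it quiet; the summary covers five events and drops the one from the previous day.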

If you want to see the alerts in action simply check out the 0_5_0_branch from Subversion and set it up. You'll need to update your database by running "rake db:migrate" in the root directory of SAM. You'll also need to install the BackgrounDRb gem by running "gem install backgroundrb". And lastly you'll need to start BackgrounDRb by running "./script/backgroundrb -e production start" from the root directory of SAM. Don't forget to update the preferences page with the appropriate settings.

If you are looking for more complicated monitoring have a look at the API examples. Extending SAM is extremely simple and you are only limited by your imagination. I'm already working on some cool ways to consume the API that SAM exposes and I'd love to hear of ways others are using it.
