Applied Watch Command Center

Applied Watch Command Center is a security management framework for open source. It features a high-availability, distributed architecture and provides a centric framework for the collection and analysis of intrusion alerts across large enterprises.

Built as a browserless Java solution, Applied Watch Command Center offers AES-256 bit strong-arm encrypted communications, supports Windows, Mac, Linux, and UNIX, and provides event handling journals for engineers to write incident response notes on each event investigated. Users are able to monitor as well as manage any supported device added by Applied Watch; including Snort, Snort-Inline, LaBrea Tarpit, Syslog, Windows Event Logs, Cisco Pix Firewalls, Nessus, and more.

Through support of the open source Nessus vulnerability scanner, users can execute, schedule, and manage vulnerability scans across a number of networks without limitation. Using a false positive tagging system, users can also tag vulnerabilities as false positives and compare previous Nessus scan reports with new scans to identify changes in the status of vulnerabilities.

New updates and signatures can be uploaded directly from the Applied Watch Command Center Dashboard to thousands of Applied Watch Agents with a single mouse click. As new IDS rulesets are made available, the administrator has the capability to update all IDS agents through a single interface within the Applied Watch Command Center policy manager. The Dashboard's Policy Manager can, among other things, be used to download new rulesets from snort.org to thousands of Agent-managed policies.

Through the Applied Watch Command Center Dashboard, security engineers are able to concentrate on alerts prioritized into different levels of criticality. Each alert can have individual engineer journal notes attached to it, which are saved in the database for other engineers to read.

Individual Snort signatures can be tagged with an E-mail alert configuration that will cause the Applied Watch Server to send out an E-mail alert in the event that the alert requirements are met.