- Short Term (all started to some degree)
  - documentation
  - full input validation
  - multi-sensor support in all operations
  - new search criteria: TCP/IP options
  - various "fast searches" off the main page
  - lookups for a particular IP (intelligent dig, traceroute, etc.)
  - print the same stats listed on the main page for all query results
- Longer Term
  - improve the quality and flexibility of the graphs
  - support a user login and privileges on operations/data
  - add additional database support (e.g., Oracle)
  - plug-in architecture for non-PHP analysis operations
  - support analysis operations running in the background and being scheduled
  - layer 4+ packet decode
  - workflow mechanisms for multiple analysts examining the same data
  - export alerts into different formats (e.g., tcpdump)
  - import alerts from different formats
  - extend database schema to support host-based security tools
  - more real analysis!

Last Updated: 01-10-2001