Generate Reports from the Historical Interface

Sometime we come across an historical query with lots of information that cannot be summarized in a single escalation report. With this new feature (the report button on the bottom of the historical report page) you can take a snapshot of the current page which is archived under Historical Queries. This is especially useful if you collaborate with someone else and you want to share the information (for example show it to your boss..) or you simply want to archive what you see.

Beta Support for OSSEC Logging

Simply make the OSSEC daemon send syslog messages to your sensor IP address and ‘voila’; now you can view aggregate/correlate your OSSEC alerts with snort alerts, flows and other syslog entries. The nsm will also store your OSSEC alerts (just like any other syslog message) in the DB to mine at your leisure. As always send any questions or bugs to

Reports Added to Metaflows Interface

Click on reports and inspect automatically generated daily and weekly reports or create your own custom reports.
Periodic reports are generated every day or every week. One time reports are specified between specific dates.
Once the report it is saved, it will be executed in the background. Reports are interactive and let you explore the
report data through the historical interface. Enjoy!

New Features!

The MetaFlows interface was updated last night with the following changes:

    • Visual Grouping
      Detailed records of an Historical query, when sorted by time, are visually time-grouped with a red or black border.
    • Escalation Reports
      Escalation reports now include all detail record information instead of just listing the client/server ports/IP addresses.
    • Sensor Software Updates
      • Parallel Snort Processes
        Sensors now run parallel Snort processes to make event processing more efficient.
      • Snort VRT Rules
        You can now use your existing Snort VRT Rules subscription. To add your existing Snort VRT Rules subscription to one of your sensors check the checkbox next to “SourceFire VRT Rules?” and fill in the Oinkcode, OS, and subscription type fields (they appear only after you check the “SourceFire VRT Rules?” checkbox).
      • Emerging Threats Pro Rules
        All sensor subscriptions now include an Emerging Threats Pro Rules subscription.
      • WHOIS
        Sensors now return enhanced host information.
    • Bots on the Dashboard
      The MetaFlows interface dashboard now lists all IP addresses that have a ranking greater than 0 and were part of events during the last 24 hours. Clicking on the IP address will take you to the historical interface and show all events from that IP address.
    • Pausing the Real Time Interface
      Click on the Pause icon at the bottom of the Real Time Interface to halt the display (so you can inspect records). If you pause the display, data will still be collected and kept, but new flows will not be added to the display. Once you un-pause, all flows that came in while the interface was paused will be displayed.
    • Query for Historical records by ranking
      A ranking option was added to the historical interface query options. If you turn on the “Ranking” option at the bottom of the Historical Interface before you click the “Reload” button to query for data matching the historical query options, only records with a ranking greater than 0 will be returned. This reduces the amount of records by several orders of magnitude.
    • Forums and Groups
      Both Forums and Groups are new features to help you troubleshoot problems, analyze data gathered by your sensors, and receive assistance from the user community at large.
    • Ticketing
      Tickets can be created from escalation reports and submitted to groups in which you are a member.


    MetaFlows Showcases a Novel Security-as-a-Service Approach at SC10 SCinet

    Cloud Computing Concept Meets Supercharged Open-Source Network Security Tools at SC10

    REDLANDS, CA, November 12, 2010 — MetaFlows, Inc., a startup focused on leveraging emerging cloud/virtualization technologies for the next generation of network security solutions, will debut an innovative network security monitoring system as part of the SC10 networking infrastructure called ?SCinet?. By monitoring SCinet?s diverse and high throughput network, MetaFlows aims to demonstrate that its new network security monitoring (?NSM?) system, the world?s first fully SaaS-based system, is ?ready for the big leagues.? If successful, it would also signal the realization of a new cost-cutting paradigm shift the network security industry -and its patrons- have been waiting for.

    Founded upon battle-hardened, open-source resources (Emerging Threats signatures, Cyber-TA?s BotHunter dialog-based correlator, Sourcefire?s Snort VRT, etc.), MetaFlows? NSM reconciles and ranks IDS, flow, and active (local AND global) intelligence through a revolutionary predictive global correlation system based on Google?s page ranking algorithm, better revealing true positives while significantly cutting down on false-positive clutter. MetaFlows? NSM then delivers and unifies these results, along with log management, through the world?s first fully SaaS-based, real-time security console with easy-to-use forensic tools for deep event analysis. To cap it all off, MetaFlows? Open-Sensor Technology? helps NSM subscribers save thousands more dollars per year by granting them the ability to use almost any off-the-shelf sensor hardware they prefer or, via Linux/FreeBSD or virtual machines, use their preexisting hardware.

    ?At SC10, we expect to show the world that these technologies are now fully matured and able to handle the most demanding of environments,? said Livio Ricciulli, Founder and Chief Scientist of MetaFlows. ?The HPC community should find our fully SaaS-based security console and predictive global correlation technologies especially interesting, because they afford HPC admins and their MSSPs the levels of secure mobility and efficiency they?ve always needed but have never seen before.?

    MetaFlows? NSM will be active throughout SC10, and MetaFlows Chief Scientist, Livio Ricciulli, will be available to answer any questions you might have about it, November 14th through the 19th.

    If you are interested in a live demonstration of MetaFlows NSM while at SC10, Livio Ricciulli would be happy to personally demo the system and get your feedback. Simply RSVP with MetaFlows? press contact, Jude Calvillo (, to arrange a meeting.

    About MetaFlows, Inc.

    MetaFlows, Inc. is a California-based corporation currently working to bring the world?s first fully SaaS-based IDS management solution to market, a solution so revolutionary in infrastructure and intelligence that it will unavoidably slash the costs and complexity of network security monitoring while actually improving upon event analysis and remediation response time(s). MetaFlows is partially funded by the National Science Foundation and SRI International and is led by a team of experienced entrepreneurs with a track record of success in network security ventures. For more information on MetaFlows, please visit:

    About SC10

    SC10, sponsored by the IEEE Computer Society and the ACM (Association for Computing Machinery) offers a complete technical education program and exhibition to showcase the many ways high performance computing, networking, storage and analysis lead to advances in scientific discovery, research, education and commerce. This premier international conference includes a globally attended technical program, workshops, tutorials, a world class exhibit area, demonstrations and opportunities for hands-on learning. For more information on SC10, please visit:


    Shaun Keating

    MetaFlows Media Relations

    Phone: 877.664.7774

    Fax: (877) 539-7778