- Short Term (all started to some degree)
   - documentation
   - full input validation
   - multi-sensor support in all operations
   - new search criteria: TCP/IP options
   - various "fast searches" off the main page
   - lookups for a particular IP (intelligent dig, traceroute, etc.) 
   - print the same stats listed on the main page for all query results

- Longer Term
   - improve the quality and flexibility of the graphs
   - support a user login and privileges on operations/data
   - add additional database support (e.g., Oracle)
   - plug-in architecture for non-PHP analysis operations
   - support running analysis operations in the background and on a
     schedule
   - layer 4+ packet decode
   - workflow mechanisms for multiple analysts examining the same data
   - export alerts into different formats (e.g., tcpdump)
   - import alerts from different formats
   - extend database schema to support host-based security tools
   - more real analysis!

Last Updated: 01-10-2001
