UNICORN - Unicos Realtime NADIR

NADIR (which stands for Network Anomaly Detector and Intrusion Report) was one of the first automated intrusion detection systems designed and implemented. Originally it was designed to accept audit logs from a Los Alamos network security controller running a homegrown version of Kerberos. This year it was decided to expand NADIR to be more general and more powerful. The result is UNICORN--Unicos Realtime NADIR. UNICORN will accept audit logs from Unicos (Cray Unix), Kerberos, and our common file system, then analyze them and attempt to detect intruders in realtime. Because UNICORN was designed for Kerberos and Unix, the design can be applied to many other network configurations.

URL: http://www.c3.lanl.gov/~mcn/unicorn.html

JT