Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
481fcdc8655cc5642407240eb0427fb02075e7905d20eac72e11515b19dca083
IDS Policy Manager was written to manage Snort IDS sensors in a distributed environment. It takes the text configuration and rule files and lets you modify them through an easy-to-use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules, and scp rules to sensors, this tool makes managing Snort easy for most security professionals.
51187a7ec1aaf48843ca3917132561b22aa02a4055ccda784669bae0fcb10d98
covertsession is a command line tool that allows you to create a TCP session that IDS sensors cannot parse correctly. What this tool lets you do is inject bytes into your outbound data stream that an IDS sensor will treat as part of the data stream but the remote OS will ignore. If used correctly it can cause a signature not to match. This tool provides command line options to control how bytes are injected. It can use a file as its source of input. Or it can listen on a local port, redirecting the TCP session covertly to an IP:Port specified on the command line. Tested against Snort 2.2.
0ae15acc4feea9b3deae43d9277a060af770fcb25fc29192f6682a0b370d77d1
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
1eb6ebef1bf8d3b85f10a542c3380392bd5a089bd210a52758f642269fe9ce8b
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
9c45b1d95fbc8e717de6017f6d007512d1d5d855d9c9a10b3107b5754c040dac
USR-Guard acts as a bridge between Snort and a US Robotics 9105 ADSL router. When a Snort alert is generated, USR-Guard will connect to your US Robotics router and add rules to block the host. This block is then removed after a defined period of hours.
764b2b47709981a3d439be75ac13bb7b80ff9c8b37c2569add38c5f3781ead40
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a Web frontend to query and analyze the alerts coming from a Snort IDS.
ce6ebc5e75d69be73eaad1a544ad66ac2349127303622e8199b3a2d7b246f196
SAM is a Real-Time Snort alert monitor. SAM provides many ways to indicate that you may be experiencing an intrusion attempt on your network including audio/visual warnings, email warnings, etc. SAM is written in Java for maximum portability.
929d2393ad3c51b332c51d5ed5b719af9eecb320eeb70f34a4f5bad03ffd3979
Aanval is a web-based Snort intrusion detection console. Currently supporting Snort and syslog, Aanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Several primary features are account hierarchy, data-archiving, real-time data displays, auto signature updating, sensor management tools, easy upgrading, advanced searching, artificial intelligence, timezone control, charts/graphs, query saving and more.
3c0a3023b264dbaaa65785291bca02ad2f778cb607ecb3bc916125dc2fd7271d
SAM is a Real-Time Snort alert monitor. SAM provides many ways to indicate that you may be experiencing an intrusion attempt on your network including audio/visual warnings, email warnings, etc. SAM is written in Java for maximum portability.
c40fa01249c626bf864be81898357d0aceb73a0915fbc7b5a83e3626b861ad2e
IDS Policy Manager was written to manage Snort IDS sensors in a distributed environment. It takes the text configuration and rule files and lets you modify them through an easy-to-use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules, and scp rules to sensors, this tool makes managing Snort easy for most security professionals.
fce92a285eaf9b9b22e83b109b315e21722dc3594d70a426b0c0e04983b48eef
FLoP is a utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.
d1bed331cdc280f6652f5dddcd5097c97252fcf70aeb2a28db3bf8103cf1886a
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
e49c838f75cdb2e17b23615fb4f9edca1937914ebd4c5588a5633fd1fb4d7016
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a Web frontend to query and analyze the alerts coming from a Snort IDS.
1e57c153c45c04efda93669e385d5e0724a63e6a2828c14b4dc49f6468da06b0
Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.
308149e0fcd8bf054c406a330a2f2b9c78a536d24b8a64593e8a8b68667a9a2d
Placid is a Web-based frontend for Snort that uses MySQL. It supports searching, sorting, and graphing of events, and was designed for speed and to have little overhead.
232304444140a229233a2a2f5ffa8372f4a9ca1473863c40183b8ccaded97bf6
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a Web frontend to query and analyze the alerts coming from a Snort IDS.
d861520edf1e90488b1d049837fa31a1ff3c760e45b251e23ed9f54afb7e720f
Openaanval is an open-source web-based Snort intrusion detection console. Currently supporting Snort and syslog, openaanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Several primary features are account hierarchy, data-archiving, real-time data displays, auto signature updating, sensor management tools, easy upgrading, advanced searching, artificial intelligence, timezone control, charts/graphs, query saving and more.
194a66c052f386871eac6a3eb614883587e5e68057206c19569276cbddf5bb23
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a Web frontend to query and analyze the alerts coming from a Snort IDS.
a715621564524c48753d530f47e87674d1aeb6f9476ad608f5cbbed746e1d251
The snortSnmpPlugin enables Snort to send SNMP alerts to network management systems (NMS). The alerts can be traps (the alert will not be acknowledged by the receiver) or informs (the alert will be acknowledged by the receiver). This is version 2.2.0-01.
44d5265b9d04e1782de2350a0151bec4e8ab23e871e6d6244258e461efce687f
Version 1.1 of Oinkmaster. Oinkmaster is a simple Perl script released under the BSD license to help update and manage Snort 2.0+ rules and to comment out the unwanted ones after each update. It will report what has changed since the last update, offering good change control.
60217e5b157b416fbf30272d50b237c49bf15f150e1f2e9b55e3619991f3f854
FLoP is a utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.
de9859f2c2243192424efaf4af7a033ed888c7455ef387de82c975d61e65a030
OpenAanval is an open-source web-based Snort intrusion detection console. Currently supporting Snort and syslog, OpenAanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. OpenAanval supports multiple sensors of multiple intrusion detection system types. OpenAanval's web-browser interface provides live auto-updating technology which provides real-time event viewing from any Internet-connected web browser.
f4b7fec0c8497ee77587eb5499c23917d90a41b5e63e37a2cfc6f69da6af68c1
Placid is a Web-based frontend for Snort that uses MySQL. It supports searching, sorting, and graphing of events, and was designed for speed and to have little overhead.
b9ed5948f9f5d7ab54fbfbb89c074ec6b54bc6491627c28693e3e852342502f4
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a Web frontend to query and analyze the alerts coming from a Snort IDS.
5e2de03ae3a29fbeb42b795289a23f1f27bbb4e951203b99eef70a1694be5de3