Incident.pl is a small script that, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
768aedcb8caea25e00a5e322adc3f3a8968fbb560588626eb982da93acbe02f8Razorback is a log analysis program for Gnome which interfaces with the Snort Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. Screenshot here.
bf995a328a1251854c53e5c34496d05e4f9b9f0771092b4ec02ee65e4725c584incident.pl is a small script that, when given logs generated by snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
7d97468826c4535fb03cd25d2ce6f4bd41aa270e523689b61513473a7ec7f196incident.pl is a small script that, when given logs generated by snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
084366c6d9ca979363725bfc619c05624f1a3fad5f91c8ffe79c9c82827f54eeincident.pl is a small script that, when given logs generated by snort, can generate an incident report for every event that appears to be an attempted security attack, and report the attack to the appropriate administrators.
96863a83c459dd5de4cd245b196a7fa02fe008e2e25a35b5d8aaa60d36eda2b7snort_stat.pl v1.14 (Feb 2001) does statistical analysis on snort logfiles. It's setup to process the syslog alerts that Snort creates and generate a bunch of relavent statistics about the current alerts. If you read the beginning of the script, it tells you how to activate the program as a cron job to provide daily reports of activity recorded by Snort.
a4c45ac3acbf3195301eebb8c676c82d9a38471e0f6293ebbe01990c23769b06Snort 1.7 for Windows - This is a working port of Snort to Windows NT/2000/9x.
9158523305f16b03181280f71400362f5d8c75014152b3fcc0a2688e97d43131Razorback is a log analysis program for Gnome which interfaces with the Snort Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. Screenshot here.
033824d50de2071828f3fb0259ca7de33e837ed9c03584736ce5c5cc2a0db09aSnort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
2a72cc7462f8f3ac5397dd54fb59090a5f1fa15f2e5eb2e2480628c58264cbb8Intrusion Detection Message Exchange Format (IDMEF) XML output plugin for Snort - Produces IDMEF messages in response to events triggering Snort rules. It is configured in a standard Snort configuration file, and can run concurrently with existing Snort logging output.
47be696d8de817eee9d309676ddafdcad0bd15b9991cfc434abf5f7c06d62654This is a php script which goes to the database (Postgresql) and generate some statistics from the data. For more info see this snortdb page.
221ba130f9735cee45697fe01ed5f6eaec67d1b0ff3fa6bd692e2fdf50096ef5Ruleset-retrieve obtains the newest Snort IDS ruleset from www.snort.org or whitehats.com and inserts your ip address into the appropriate areas.
b8bb6e29cff60690998357271c7e4ebbd86123e027df695e6983acae1a84cd10SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. It uses a cron job to produce a daily/hourly/whatever file of snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
6201b13e904f690a2b354db58fc8b6b1ee6fd3ce9b886bd7c0f06cba0e47a19eSnort2HTML v1.5 converts Snort Intrusion Detection System logs into nicely-formatted HTML.
c585d4e20fc71f2ee6d79241605c53963ed072a83ff76bc69cb7464c01834cb6Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
991de011f9f2f4bdadd940c59f2c2a0d68fbb623918c8669d6e3381ea99e91f9Spade stands for Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin to report and score unusual, possibly suspicious, packets. The anomaly score that is assigned is based on the observed history of the network. The fewer times that a particular kind of packet has occurred in the past, the higher its anomaly score will be. Based on the SPICE Whitepaper.
2d6fa9e406470ef908f831043f095d3795da1bdc0dcb001c6ef8411dfc6f8b38Snorticus is a collection of shell scripts designed to allow easy managment of Snort sensors. It allows you to routinely collect Snort sensor data, analyze the data via SnortSnarf, and easily maintain rule files.
f8d621dd59448d2e46229ef059992ce0cfe7c5db402e9a1ab1da4508c3cef260Snortstart v0.17 is a bash script which acts as a wrapper for starting snort which aims to install, start and stop snort in a chroot jail under unprivileged user and group.
f819146994c6cc9de048ddcdbb411b19792f7ba7f075d8e9fa8f6c0def139babSnort Panel is a front-end control panel for the win32 port of snort. It allows you to set command-line options via dialog box settings and it monitors the alerts file for new alerts.
e50f793cd53f455b32a5190829ea97353bf9ea47977f36f0c8d4fe5d3b6a32addupl.pl v0.4 is a snort rules beautifier which removes duplicate rules from *-lib, vision.conf, and xxxx-rules files.
b76c7e112174613043dc1d689b3076f74a8e39ce5dc0a8e0ed2b5687496b215eSnort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
b21e0c7cd4490e8f8b3298322e233f20a446833d396d1dbf1425841070a3a518Snort 1.6.2.2 ported to Windows - This is a working port of Snort to Windows NT/2000/9x. Changes include interface names, filenames, and syslog changes. Source available here.
9f853454f4330a398ff17c7d7961ca2d15d41680e45ecc3e2d3db6c48320f32fFalse snort rules last updated 06/08/2000. Detects Yahoo pager data, AOL chat data, SNMP, SMB queries, etc.
e0cc37cf4a21ee024fcd1f4811062eb6344ecd5ccc67f4d3f42512e62ec32562Updated snort rules to detect backdoors last updated 06/08/2000.
f3315df3c4af8b6c1423b26b3e8a49b4234f17ab007ee5f6486e46b8511b5bd6Full set of updated snort rules using using 'any' instead of "$HOME_NET" variables. Last updated 07/06/2000.
5907c0a852e13e6fdfc0d193bd84932d7e82af352b2e2db8215bf03c0807b37d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed