Snorby



Install the gems and copy the example configuration files:

gem install rails bundler passenger
bundle install
cp config/snorby_config.yml.example config/snorby_config.yml
cp config/database.yml.example config/database.yml

Edit the config file: nano config/snorby_config.yml. Under production, modify the rules section to match your installation. This will allow Snorby to display the full Snort rule that triggered the event.

Snorby is a new, open source front-end for Snort. The basic fundamental concepts behind Snorby are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.

Snorby cache jobs (run from the Rails console):

# This will manually run the sensor cache job - pass true or false for verbose output
Snorby::Jobs::SensorCacheJob.new(true).perform
# This will manually run the daily cache job - once again passing true or false for verbose output
Snorby::Jobs::DailyCacheJob.new(true).perform
# Clear All Snorby Cache - You must pass true to.

Snorby is a frontend application for Snort. Snorby lets you check and analyze your Snort events and alerts from a web browser.

Hi, this is me again. This time I'm offering an update of my old post about how to install Snorby on CentOS, as some readers have found errors and problems. Though I created this post for CentOS 6.5, it may also help you if you're trying to install Snorby on CentOS 6.4.


Now it's easier to use wkhtmltopdf, and I've also added a section to make the installation of Ruby cleaner. OK, let's start!

First, we're installing some packages and we're also going to install the EPEL repository.

Now we are going to download and compile ImageMagick.

OK, time for wkhtmltopdf. In the past I had problems with the static version, which is why I decided to compile it. The latest version works fine for me. Visit http://wkhtmltopdf.org/ and download the latest wkhtmltopdf for your Linux architecture (32-bit or 64-bit). I'm using the 64-bit version.

Thanks to this article, I've used its instructions to create the RPM package for Ruby 1.9.3.

Now we're going to install bundler and Snorby.

I've created an empty database for Snorby and I've configured a user with permissions for that database:

We have to create a database.yml config file and edit it. We'll add the database password, the name of the database and the MySQL server hostname or IP address:

OK, I hope you're following and you've no errors so far. Edit the Gemfile file and follow these instructions:

We're close. Edit the Gemfile.lock file.

We need a snorby_config.yml. Then you can edit things like the domain for your Snorby installation. You can find more information about configuration on Snorby's official page.
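As an added example (not code from this post or from the Snorby project), here is a small Ruby check of the two YAML files created above, run before launching the server. The key names domain, rules, database, username, password and host are assumed from the example files, and the sample YAML is constructed.

```ruby
# Added example, not Snorby's own code: sanity-check database.yml and
# snorby_config.yml before starting the app. Key names are assumptions
# taken from the *.yml.example layout; compare against your own copies.
require "yaml"

# Constructed list of weak defaults worth flagging in database.yml.
WEAK_DB_PASSWORDS = %w[snorby password root].freeze

# Returns an array of problem strings for the given environment.
# dir_exists is injectable so the check can run without a real /etc/snort.
def check_snorby_config(yaml_text, env = "production", dir_exists = ->(p) { File.directory?(p) })
  cfg = YAML.safe_load(yaml_text)
  section = cfg.is_a?(Hash) ? cfg[env] : nil
  return ["no '#{env}' section in snorby_config.yml"] unless section.is_a?(Hash)
  problems = []
  problems << "domain is not set" if section["domain"].to_s.strip.empty?
  rules = Array(section["rules"])
  problems << "rules section is empty; full Snort rule text will not be shown" if rules.empty?
  rules.each { |p| problems << "rules path does not exist: #{p}" unless dir_exists.call(p) }
  problems
end

def check_database_config(yaml_text, env = "production")
  cfg = YAML.safe_load(yaml_text)
  section = cfg.is_a?(Hash) ? cfg[env] : nil
  return ["no '#{env}' section in database.yml"] unless section.is_a?(Hash)
  problems = []
  %w[database username host].each do |k|
    problems << "#{k} is missing" if section[k].to_s.strip.empty?
  end
  pw = section["password"].to_s
  problems << "password is empty" if pw.empty?
  problems << "password is a well-known default" if WEAK_DB_PASSWORDS.include?(pw)
  problems
end

# Constructed sample files for demonstration.
SAMPLE_SNORBY_CONFIG = <<~YAML
  production:
    domain: 'snorby.example.internal:3000'
    rules:
      - "/etc/snort/rules"
YAML

SAMPLE_DATABASE_CONFIG = <<~YAML
  production:
    adapter: mysql
    database: snorby
    username: snorby
    password: snorby
    host: 127.0.0.1
YAML

puts check_snorby_config(SAMPLE_SNORBY_CONFIG)
puts check_database_config(SAMPLE_DATABASE_CONFIG)
```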

Let's install Snorby. If the installation is successful, we'll launch it using the thin server (thanks for the tip, Mephux, and of course thank you for Snorby).

If everything is fine you'll have Snorby listening on 0.0.0.0:3000. If you want to open the port, use this iptables rule (adjust it for your needs, of course 🙂 ).

And that's it! Snorby shows the login page (user: snorby@snorby.org, password: snorby) and the export to PDF function is working for me. I'll try to offer more information about Snorby in the future.

Thank you Parvez and W.White for your comments and please let me know if you find errors.

Cheers!

Snorby is a modern Snort IDS frontend. The basic fundamental concepts behind Snorby are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.


Reports – With the ability to export to many popular formats and index security events for fast searching, Snorby supports XML, CSV and PDF export formats.


Schedule – Setup reports for the future and be notified via email upon completion. Snorby also creates a daily, weekly and monthly report so you always have a snapshot and documentation.

Collaboration – Every security event has the ability for comments and notes. This is very useful if you need a reminder or if you wish to delegate the event to a colleague.

Open source – With a completely open API and with the source at your fingertips the possibilities are endless for customization.


Teammates – This feature lets you add contact information for other people and quickly send events to the appropriate parties.

Snorby 2.0 features the following:

  • Fully rewritten from the ground up in Rails 3 and Ruby 1.9.2
  • Fast, resilient and scalable (with new backend workers)
  • Completely redesigned user interface (for new and advanced users)
  • Full packet capture support with OpenFPC
  • Useful reports and metrics (PDF reports, graphs, email reports)
  • Customizable severities and classifications
  • Real-time event listing using AJAX long polling
  • Supports Snort, Sagan and Suricata
  • Revamped and intuitive administration interface
