snorby: Beautiful Rails network security monitoring app for Snort, Suricata, and Sagan

Last week we brought you Graylog2 which takes the otherwise boring job of log monitoring and provides some pretty slick searching, filtering, and visualization. Dustin Webber aims to do the same for network security monitoring with Snorby, a Rails application front-end for Snort, Suricata, and Sagan.

Features

Snorby boasts a robust set of features including:

  • Metrics & Reports - Drill down into your data by day, week, month, or custom timetables and even export to PDF.
  • Classify events into a number of predefined classifications or create your own.
  • Full packet and session data monitoring using OpenFPC, Solera DS Appliances, and Solera’s DeepSee.
  • Keyboard-friendly hotkeys let you navigate the interface without a mouse.
  • Extensibility via third-party plugins.


Getting Snorby

Snorby comes in two flavors: the Insta-Snorby NSM network appliance, which bundles Snorby 2.2.4, Snort, Barnyard, OpenFPC, and Pulled Pork, or the application source, so you can roll your own solution.

Check the Snorby web site for instructions on installing from source.

Try before you spy

If you’d like to play around with the Snorby interface, there is a live demo:

Be sure to follow Dustin on Twitter, join the mailing list, or drop into #snorby on irc.freenode.net for updates or to ask questions.

[Source on GitHub] [Snorby] [Discuss on Hacker News]
