GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → shirkdog → hunter-nsm

shirkdog / hunter-nsm

Licence: BSD-2-Clause license
Simple install script for Snort/Bro IDS with JSON logging on FreeBSD

Programming Languages

shell
77523 projects

Hunter NSM

Simple install script for Snort/Bro IDS with JSON logging on FreeBSD

Copyright (C) 2015 Michael Shirk, Daemon Security Inc.

Hunter NSM is a modular platform for deploying network sensors. Instead of adding additional security vulnerabilities with the addition of numerous tools, Hunter provides a minimalist approach to achieving full network monitoring with Bro NSM and Snort IDS.

Features and Capabilities

  • Automates the installation of Snort or Bro on a FreeBSD server
  • Configures JSON output using ids-tools and Bro native JSON output to work with any type of logging tool.
  • Uses PulledPork to automate signature updates
  • Configures startup scripts to work with FreeBSD

Key features of Hunter NSM

All logging is configured to output to the /nsm directory (/nsm/bro2 for Bro, /nsm/snort for Snort). Before running the script, ensure that you have a enough disk space to log the security data.

Custom configs for Snort:

/usr/local/bin/snortUpdate.sh This script runs PulledPork and restarts Snort for rule updates

/usr/local/bin/snortStartup.sh This script starts u2json by way of /etc/rc.local and reads the snort output from /var/log/snort and writes out JSON events.

/usr/local/bin/du2json This script runs u2json with the necessary command line arguments.

Custom configs for Bro:

/opt/bro2/share/bro/site/local.bro Updated the default site policy for JSON output

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].