clong / vagrant-ids

Licence: other
An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk


Vagrant-IDS

Purpose

This Vagrant file will spin up an Ubuntu 16.04 box (Bento) and install and configure the following software:

  • Suricata (3.2.8 - Latest stable build at time of writing)
  • PulledPork
  • Bro (Latest)
  • Splunk (6.6.2 - Latest at time of writing)

Setup

  1. Install a provider (Virtualbox/VMWare/etc)
  2. Install Vagrant
  3. $ git clone https://github.com/Centurion89/vagrant-ids.git
  4. $ cd vagrant-ids
  5. $ vagrant up --provider=[vmware_fusion/virtualbox/etc]

Suricata

The suricata.yaml file that will be installed includes a few small changes, primarily:

  • JSON logging (eve.json) is enabled and configured fairly verbosely
  • The config assumes HOME_NET = 192.168.0.0/16
  • The only rule file being imported is pulledpork.rules

Suricata is configured to start up on the box's sole network interface, "ens32". Rules are stored in /etc/suricata/rules.

After installation, two curl commands are run to verify that the detection engine and logging are functioning properly. Note, however, that the vagrant build will continue even if these tests fail, so a missing alert in eve.json is the only sign that something went wrong.
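
Because the build does not stop on a failed test, a practitioner may want an explicit check of the EVE log. The following is an added example, not code from the vagrant-ids repository: it counts alert records in an eve.json file and looks for a specific signature_id, using only grep so it runs on a bare Ubuntu box. The sample EVE lines are constructed for the demonstration; sid 2100498 is the ET rule "GPL ATTACK_RESPONSE id check returned root".

```shell
#!/bin/sh
# Added example (not part of vagrant-ids): verify that Suricata's detection
# engine and EVE logging both work by inspecting eve.json after a test request.

# eve_alert_count EVE_FILE -> prints the number of "alert" events in the file.
# EVE writes one JSON object per line with event_type as a top-level key.
eve_alert_count() {
    grep -c '"event_type": *"alert"' "$1" || true   # grep -c exits 1 on zero matches
}

# eve_check EVE_FILE MIN_ALERTS -> exit 0 if at least MIN_ALERTS alerts were logged,
# so a provisioner can halt on failure instead of continuing silently.
eve_check() {
    count=$(eve_alert_count "$1")
    [ "$count" -ge "$2" ]
}

# eve_has_sid EVE_FILE SID -> exit 0 if an alert with that signature_id is present
eve_has_sid() {
    grep '"event_type": *"alert"' "$1" | grep -q "\"signature_id\": *$2[,}]"
}

# Constructed sample EVE records (a flow, the expected alert, and the HTTP event).
SAMPLE_EVE=$(mktemp)
cat > "$SAMPLE_EVE" <<'EOF'
{"timestamp":"2017-09-01T12:00:00.000000+0000","flow_id":1,"event_type":"flow","src_ip":"192.168.56.10","dest_ip":"203.0.113.5","proto":"TCP"}
{"timestamp":"2017-09-01T12:00:01.000000+0000","flow_id":2,"event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.168.56.10","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2017-09-01T12:00:01.100000+0000","flow_id":2,"event_type":"http","src_ip":"192.168.56.10","dest_ip":"203.0.113.5","proto":"TCP"}
EOF

# On the real box you would point this at /var/log/suricata/eve.json.
if eve_check "$SAMPLE_EVE" 1 && eve_has_sid "$SAMPLE_EVE" 2100498; then
    echo "ok: $(eve_alert_count "$SAMPLE_EVE") alert(s) logged, expected signature present"
else
    echo "FAIL: expected alert missing from $SAMPLE_EVE; check rules and HOME_NET" >&2
fi
```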

PulledPork

PulledPork handles rule management and updates for Suricata. It is installed in /opt/pulledpork and is configured to pull down EmergingThreats rules. You can run PulledPork manually via /opt/pulledpork/pulledpork.pl -c etc/pulledpork.conf -S suricata-3.0. Consider adding that command to cron if you would like updates to run automatically on a schedule.

Bro

Bro is cloned and installed into /opt/bro. As with Suricata, it treats all RFC 1918 address space as local networks and monitors the "ens32" interface. JSON logging is enabled and it is configured to run in standalone mode.

Splunk

Splunk will be installed with two indexes:

  • suricata
  • bro

Access Splunk at https://vagrant:8000. The default credentials are admin:changeme and can be changed via CLI or web interface.

By default, Splunk is configured to ingest /var/log/suricata/eve.json and all ".log" files in /opt/bro/logs/current/. To modify which logs are collected, edit /opt/splunk/etc/system/local/inputs.conf.

Contributing

If you encounter any issues or would like to request any features, please feel free to submit a PR or create an issue.