Thread: SNORT GUI suggestions?

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    36

    SNORT GUI suggestions?

    I've recently started looking into Snort. After a little playing around with the command line I would like to take a look at some GUIs.

    After some initial searching I see BASE is a popular choice.

    I'd like to get some feedback on what other forum members are currently using.

    Any suggestions?

    Thanks in advance!

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally posted by prelate
    I've recently started looking into Snort. After a little playing around with the command line I would like to take a look at some GUIs.

    After some initial searching I see BASE is a popular choice.

    I'd like to get some feedback on what other forum members are currently using.

    Any suggestions?

    Thanks in advance!
    BASE will pretty much do everything you need. I have BASE embedded into my Cacti Installation so that I only have one place to stop to monitor just about everything on my network.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    36

    thanks

    That sounds like exactly the setup I'm looking for. Thanks Streaker.

  4. #4
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334

    Also, might not be exactly what you're looking for if you want only a Snort GUI, but you might want to check out the OSSIM project

  5. #5
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    pfsense also has a GUI for Snort administration; makes managing the rules very easy, however I found pfsense and ossim to be somewhat bloated.

    BASE is probably what you need.
    dd if=/dev/swc666 of=/dev/wyze

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally posted by swc666
    pfsense also has a GUI for Snort administration; makes managing the rules very easy, however I found pfsense and ossim to be somewhat bloated.

    BASE is probably what you need.
    Bloated software in *nix? Are you a heathen?

    You can get burned at the stake while penguins dance for saying such things.

  7. #7
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Quote: Originally posted by streaker69
    Bloated software in *nix? are you a heathen?

    You can get burned at the stake while penguins dance for saying such things.
    Great... now I'm going to have nightmares (again)

    On another note... I've been thinking about developing a BASE addon to manage rules / rulesets. Anyone know of such a thing that exists already?

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally posted by swc666
    Great... now I'm going to have nightmares (again)

    On another note... I've been thinking about developing a BASE addon to manage rules / rulesets. Anyone know of such a thing that exists already?
    I thought there was something like that in the Snort repo. Check out Snort's download section.

  9. #9
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    For a "quick and dirty" build, I would go with snort-base plus ntop.

    OSSIM is not a bad choice in my opinion, but it does need a lot of work to set up and install.
    "Sure is for people with nothing on the line.....you and me? We just get on with it."

    -Garabaldi

  10. #10
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    1

    nice one

    Though it's nagged, there's a free license for trial.

    Try out Aanval from aanval.com, nice work guys. Not perfect by far but really nice work.
