Snort Blog: GUIs for Snort

I asked people to send me topics that they'd like to learn more about in Snort, and I received a good number of responses. So I thought I'd get started on one of them. BTW, if you'd like our input on something Snort related for the blog, please feel free to email me at joel [at] snort. Every so often (probably twice a year) there seems to be an uptick in the number of people emailing the mailing lists asking about GUIs for Snort.

Many of them are repeat offenders. So I am guessing that either people don't know about the GUI options for Snort, or people don't like the ones they have. So let's start off with a few, in alphabetical order.

BASE

BASE, the Basic Analysis and Security Engine, is based on the old ACID codebase. The ACID GUI (which is now dead, and has been for about five or six years) was a college project written by a student at Carnegie Mellon. It hasn't been actively developed since about 2.

BASE, a fork of the ACID code, picked up where the original author left off, added a bunch of new features, and made it an easy to use, multi-language, and highly functional GUI. There were plans for a redesign of BASE, including the database format that it reads from, but Kevin Johnson, the original BASE project manager, has since left the project and turned it over to new management. However, it remains the most popular Snort GUI interface with over 2. BASE is written in PHP and has several dependencies. BASE has its own IRC channel, #secureideas, although there is rarely anyone there, so most people come to the default #snort channel for help.

OSSIM

OSSIM, made by AlienVault, stands for "Open Source Security Information Management". Not only can it take the logs from Snort and display them in a great looking interface, but it also integrates with many other tools (p. I've personally never used this tool, but I've heard from the people that do use it, and they find it a real joy to use.

PLACID

Standing for "Phil Loathes ACID", it was originally made as a super stripped down way of simply looking at Snort events in the Snort DB. It has stayed that way. There is a certain demographic of Snort users that like simple, text based interfaces, and PLACID serves that need.
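For readers in that text-only camp, here is an added example (not PLACID's or any other project's code) of the kind of stripped-down alert browser the paragraph above describes: a short Python script that parses Snort's plain-text alert_fast output and prints a summary grouped by signature, sorted by priority. The alert lines embedded in it are constructed samples in the Snort 2 alert_fast layout, not real captured alerts; the addresses and signature IDs in them are sample values. It tolerates alerts without a Classification field and ICMP alerts without ports, and skips lines that do not parse rather than aborting.

```python
"""Minimal text-based Snort alert browser (added example, not any project's code).

Parses Snort's plain-text "alert_fast" output and summarizes alerts by
signature. Assumption: the sample lines at the bottom are constructed input in
the Snort 2 alert_fast layout, not real captured traffic.
"""
import re
from collections import Counter, defaultdict

# One alert_fast line looks like:
# 01/13-10:23:45.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] \
#   [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.3:51234
# The Classification block is optional (rules without a classtype omit it), and
# ICMP alerts carry bare addresses without ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def parse_alert(line):
    """Return a dict of the alert's fields, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "pri"):
        d[k] = int(d[k])
    d["cls"] = d["cls"] or "(none)"
    return d


def split_endpoint(ep):
    """'10.0.0.3:51234' -> ('10.0.0.3', 51234); a bare address -> (addr, None)."""
    host, sep, port = ep.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return ep, None


def summarize(lines):
    """Group alerts by (gid, sid). Returns rows sorted by priority (1 = highest)
    then by descending hit count: (pri, gid, sid, msg, count, distinct_sources)."""
    counts = Counter()
    sources = defaultdict(set)
    meta = {}
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # blank or unparseable line: skip it, don't abort the run
        key = (a["gid"], a["sid"])
        counts[key] += 1
        sources[key].add(split_endpoint(a["src"])[0])
        meta[key] = (a["pri"], a["msg"])
    rows = [(meta[k][0], k[0], k[1], meta[k][1], counts[k], len(sources[k])) for k in counts]
    rows.sort(key=lambda r: (r[0], -r[4], r[1], r[2]))
    return rows


def render(rows):
    """Format summary rows as a plain-text table."""
    out = ["PRI  GID:SID      COUNT  SRCS  MESSAGE"]
    for pri, gid, sid, msg, n, srcs in rows:
        out.append(f"{pri:<4} {gid}:{sid:<10} {n:<6} {srcs:<5} {msg}")
    return "\n".join(out)


# Constructed sample alerts in alert_fast layout (not real traffic).
SAMPLE_ALERTS = """\
01/13-10:23:45.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.3:51234
01/13-10:23:46.000001  [**] [1:1000001:1] LOCAL ssh brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.7:40001 -> 192.168.1.20:22
01/13-10:23:47.000002  [**] [1:1000001:1] LOCAL ssh brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.8:40002 -> 192.168.1.20:22
01/13-10:23:48.000003  [**] [1:1000001:1] LOCAL ssh brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.7:40003 -> 192.168.1.20:22
01/13-10:23:49.000004  [**] [1:384:5] ICMP PING [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.1
this line is not an alert and is skipped
""".splitlines()

if __name__ == "__main__":
    print(render(summarize(SAMPLE_ALERTS)))
```

Point the script at a real alert file by reading it line by line into `summarize()`; the per-signature distinct-source count is what separates one noisy scanner from a distributed attempt, which is the first thing an analyst using a text viewer tends to ask.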

SGUIL

SGUIL (pronounced "squeel") started off as the "Snort GUI for Lamers". The project, maintained by Bamm Visscher, is a multi-part system consisting of a "Sensor", "Server", and "Client". Not only is SGUIL a GUI for Snort, but it also integrates other technologies into the recording of data for use by the analyst (including full-time, full packet capture). This is a heavyweight technology, is written in Tcl, and is a very well performing engine. Most people start off with a GUI like BASE and move on to SGUIL. SGUIL also has its own IRC channel, #snort-gui.

Snorby

A relative newcomer to the Snort GUI area, Snorby uses a lot of "Web 2. This seems to be the current "go-to" web interface for Snort. While it has many of the features of BASE (and a lot more: hotkeys, classifications, an iOS interface, and actual PDF reporting), and is not as fully featured as SGUIL (in terms of architecture), it's extremely easy to deploy, looks fantastic, and functions very well as an alert browser.

Snorby's code is hosted on GitHub, here. Another advantage of Snorby is that it integrates with the OpenFPC project. Functioning similarly to how SGUIL collects all information on the network using full packet capture (FPC), Snorby gives you the ability not only to view the Snort alert, but also to view the alert in context with the rest of the packet flow on the network. Snorby's IRC channel can be found at #snorby.

SQueRT

Paul wrote in about SQueRT. SQueRT uses the SGUIL database format and is also web based. You can see the screenshots and download it at the link above. This is by no means complete; these are just the most common ones that I see people using. If I have missed a free Snort GUI that you enjoy, please feel free to respond in the comments. The more complete your post, the better. Give people links to your favorite tool.

Update: http://blog.

FirePOWER

While not free by any means, the FirePOWER system is the commercial system that we develop here at Cisco. Not only does it make the administration and analysis of events from Snort (the engine embedded in FirePOWER) extremely simple, it also couples hundreds more features into an extremely complex system with a simple to understand and navigate GUI. Made to keep large deployments simple, and small deployments even easier, this is, by far, the best system made. (We're biased.) But it is not free.
