Got Snorby(Snort GUI) up and working

[AMD_Gamer]

This is pretty cool. Snorby is a GUI for Snort. You can download a .ISO called instasnorby that is a simple install and just type in the IP address in your browser. http://snorby.org/

Pretty cool stuff. I was looking for something like this to play around with and experiment with span and port mirroring.

I could not get the sensor to work in ESXi so i installed it on VirtualBox.

 

[SpaceHonkey]

Looks good although I don't see where they allow you to manage your signatures. That's the biggest thing I've found lacking with snort GUIs.

 

[PanzerBoxb]

Looks good although I don't see where they allow you to manage your signatures. That's the biggest thing I've found lacking with snort GUIs.

Exactly. All the "GUIs" are for monitoring, not managing Snort.

One thing I don't see via the demo interface or in the wiki is the ability to have a local reference library for the signature.

 

[Arch]

How are you running snort? In just regular old IDS mode or do you have it running inline so it can actually do something about the attacks it sees?

 

[AMD_Gamer]

How are you running snort? In just regular old IDS mode or do you have it running inline so it can actually do something about the attacks it sees?

IDS, just setup it up for learning.