{"id":15658417,"url":"https://github.com/clong/vagrant-ids","last_synced_at":"2025-07-26T10:06:02.076Z","repository":{"id":83367855,"uuid":"100167629","full_name":"clong/vagrant-ids","owner":"clong","description":"An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk","archived":false,"fork":false,"pushed_at":"2018-07-10T06:21:54.000Z","size":32,"stargazers_count":23,"open_issues_count":0,"forks_count":17,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-05-05T16:55:11.837Z","etag":null,"topics":["bro-ids","information-security","intrusion-detection","intrusion-detection-system","splunk","suricata","vagrant","vagrantfile"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/clong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-13T09:50:58.000Z","updated_at":"2024-10-11T14:11:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"e9b91aeb-91d2-4347-9c95-f8b47ae39736","html_url":"https://github.com/clong/vagrant-ids","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/clong/vagrant-ids","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clong%2Fvagrant-ids","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clong%2Fvagrant-ids/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clong%2Fvagrant-ids/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clong%2Fvagrant
-ids/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/clong","download_url":"https://codeload.github.com/clong/vagrant-ids/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clong%2Fvagrant-ids/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267149601,"owners_count":24043445,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-26T02:00:08.937Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bro-ids","information-security","intrusion-detection","intrusion-detection-system","splunk","suricata","vagrant","vagrantfile"],"created_at":"2024-10-03T13:12:23.768Z","updated_at":"2025-07-26T10:06:02.047Z","avatar_url":"https://github.com/clong.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vagrant-IDS\n\n# Purpose\nThis Vagrant file will spin up an Ubuntu 16.04 box (Bento) and install and configure the following software:\n* Suricata (3.2.8 - Latest stable build at time of writing)\n* PulledPork\n* Bro (Latest)\n* Splunk (6.6.2 - Latest at time of writing)\n\n## Setup\n1. Install a provider (Virtualbox/VMWare/etc)\n2. Install [Vagrant](https://www.vagrantup.com/)\n3. `$ git clone https://github.com/Centurion89/vagrant-ids.git`\n4. `$ cd vagrant-ids`\n5. 
`$ vagrant up --provider=[vmware_fusion/virtualbox/etc]`\n\n## Suricata\nThe suricata.yaml file that will be installed includes a few small changes, primarily:\n* JSON logging (eve.json) is enabled and configured fairly verbosely\n* The config assumes HOME_NET = 192.168.0.0/16\n* The only rule file being imported is pulledpork.rules\n\nSuricata is configured to start up on the sole \"ens32\" interface. Rules are stored in `/etc/suricata/rules`.\n\nAfter installation, Suricata will perform two curl commands to ensure that the detection engine and logging are functioning properly. However, please note that the Vagrant build will continue even if the tests fail.\n\n## PulledPork\n[PulledPork](https://github.com/shirkdog/pulledpork) is used to configure rule management and updates in Suricata. It is installed in `/opt/pulledpork` and is configured to pull down Emerging Threats rules. You can manually run PulledPork via `/opt/pulledpork/pulledpork.pl -c etc/pulledpork.conf -S suricata-3.0`. Also consider adding that command to cron if you would like updates to run automatically on a schedule.\n\n## Bro\nBro is cloned and installed into `/opt/bro`. Similar to Suricata, it assumes all RFC 1918 address space is part of the private networks and uses \"ens32\" as the interface it monitors. JSON logging is enabled and it is configured to run in standalone mode.\n\n## Splunk\nSplunk will be installed with two indexes:\n* suricata\n* bro\n\nAccess Splunk at https://vagrant:8000. The default credentials are `admin:changeme` and can be changed via the CLI or the web interface.\n\nBy default, Splunk is configured to ingest `/var/log/suricata/eve.json` and all \".log\" files in `/opt/bro/logs/current/`. 
To modify what logs are collected, edit `/opt/splunk/etc/system/local/inputs.conf`.\n\n## Contributing\nIf you encounter any issues or would like to request any features, please feel free to submit a PR or create an issue.\n\n## References\n* [How to Install and Configure Bro on Ubuntu Linux](https://komunity.komand.com/learn/article/network-security/how-to-install-and-configure-bro-on-ubuntu-linux/)\n* [How To Install Bro-IDS 2.2 on Ubuntu 12.04](https://www.digitalocean.com/community/tutorials/how-to-install-bro-ids-2-2-on-ubuntu-12-04)\n* [How to install Suricata intrusion detection system on Linux](http://xmodulo.com/install-suricata-intrusion-detection-system-linux.html)\n* [Install Perl modul with assume yes for given options non-interactively](https://stackoverflow.com/questions/18458194/install-perl-modul-with-assume-yes-for-given-options-non-interactively)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclong%2Fvagrant-ids","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclong%2Fvagrant-ids","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclong%2Fvagrant-ids/lists"}