{"id":13530619,"url":"https://github.com/jasonish/evebox","last_synced_at":"2025-05-14T23:06:29.146Z","repository":{"id":17306633,"uuid":"20077214","full_name":"jasonish/evebox","owner":"jasonish","description":"Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search","archived":false,"fork":false,"pushed_at":"2025-05-05T23:58:12.000Z","size":9820,"stargazers_count":457,"open_issues_count":13,"forks_count":67,"subscribers_count":43,"default_branch":"main","last_synced_at":"2025-05-06T00:25:32.215Z","etag":null,"topics":["ids","ips","netsec","nsm","security","suricata"],"latest_commit_sha":null,"homepage":"https://evebox.org/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jasonish.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"jasonish"}},"created_at":"2014-05-22T21:14:36.000Z","updated_at":"2025-05-05T23:13:32.000Z","dependencies_parsed_at":"2023-12-12T05:22:39.954Z","dependency_job_id":"c2dcfa5a-b34b-4141-83f6-c2f0ca7dd37b","html_url":"https://github.com/jasonish/evebox","commit_stats":{"total_commits":1667,"total_committers":5,"mean_commits":333.4,"dds":"0.010797840431913563","last_synced_commit":"335e5d21a5b870e7d8e2b9c66f36162ff0f95a0b"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jasonish%2Fevebox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jasonish%2Fevebox/tags","releases_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/repositories/jasonish%2Fevebox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jasonish%2Fevebox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jasonish","download_url":"https://codeload.github.com/jasonish/evebox/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254243360,"owners_count":22038046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ids","ips","netsec","nsm","security","suricata"],"created_at":"2024-08-01T07:00:52.532Z","updated_at":"2025-05-14T23:06:24.138Z","avatar_url":"https://github.com/jasonish.png","language":"Rust","funding_links":["https://github.com/sponsors/jasonish"],"categories":["Analysis Tools"],"sub_categories":[],"readme":"# EveBox\n\nEveBox is a web based Suricata \"EVE\" event viewer for Elastic Search.\n\n- Homepage and documentation: https://evebox.org\n\n![EveBox](https://evebox.org/img/evebox-inbox-dark.png)\n\n## Features\n\n- A web based event viewer with an \"Inbox\" approach to alert\n  management.\n- Event search.\n- An agent for sending Suricata events to the EveBox server (but you\n  can use Filebeat/Logstash instead).\n- Embedded SQLite for self-contained installations.\n\n## Requirements\n\n- Suricata - to generate alerts and events.\n\nAnd one of...\n\n- An existing ElasticSearch/Logstash (version 7 or greater) setup\n  already handling Suricata events (EveBox has issues with Filebeat\n  indices at this time).\n- Just Elastic Search, using EveBox or the EveBox agent to add 
events.\n- Nothing - EveBox can use an embedded SQLite database suitable for\n  lower load installations (note: not all features supported yet).\n- A modern web browser.\n\n## Installation\n\nDownload a package and run the evebox application against your\nexisting Elastic Search server.\n\nExample:\n\n    ./evebox server -e http://localhost:9200\n\nThen visit http://localhost:5636 with your browser.\n\nAvailable downloads including RPM and Debian package repositories can be found\nat [https://evebox.org/#downloads](https://evebox.org/#downloads).\n\n### SELKS\n\nEveBox is also included\nin [SELKS](https://www.stamus-networks.com/selks) which\nprovides Suricata and an ELK stack configured and ready to go.\n\n### Docker\n\nIf you wish to install EveBox with Docker, an up-to-date image is\nhosted on Docker Hub.\n\nExample:\n\n```\ndocker pull jasonish/evebox:latest\ndocker run -it -p 5636:5636 jasonish/evebox:latest -e http://elasticsearch:9200\n```\n\nreplacing __http://elasticsearch:9200__ with the URL of your Elastic\nSearch server. You most likely do not want to use localhost here as that\nwill be the localhost of the container, not of the host.\n\nOR if you want to link to an already running Elastic Search container:\n\n```\ndocker run -it -p 5636:5636 --link elasticsearch jasonish/evebox:latest\n```\n\nThen visit http://localhost:5636 with your browser.\n\n## Usage\n\nEveBox runs as a server exposing a web interface on port 5636 by\ndefault.\n\n### With an Existing Elastic Search Server With Events\n\nThe basic mode where `eve` events are being sent to Elastic Search\nwith Logstash and/or Filebeat.\n\n```\nevebox server -e http://elasticsearch:9200\n```\n\n### With the Embedded SQLite Database\n\nThis is useful if you don't have Elastic Search and are running EveBox on\nthe same machine as Suricata. It uses an embedded SQLite database for\nevents and is suitable for lighter loads. Currently SQLite does not\nsupport reporting.\n\n```\nevebox server -D . 
--datastore sqlite --input /var/log/suricata/eve.json\n```\n\nMore documentation can be found at http://evebox.readthedocs.io/en/latest/.\n\n## Building EveBox\n\nEveBox consists of a JavaScript frontend and a backend written in Rust. To\nbuild EveBox the following requirements must first be satisfied:\n\n* Node.js v18 or newer installed.\n* Latest Rust stable.\n\nFirst check out EveBox:\n\n```\ngit clone https://github.com/jasonish/evebox.git ~/projects/evebox\n```\n\nThen to build the binary:\n```\nmake\n```\n\nOr to build a release package:\n```\nmake dist\n```\n\n### Possible Issues\n\n#### JavaScript heap out of memory\n\nIf you get a JavaScript out of memory issue while building, try setting the\nfollowing environment variable and rebuild:\n\n```\nexport NODE_OPTIONS=\"--max-old-space-size=4096\"\n```\n\n## Run in Development Mode\n\n```\n./dev.sh -e http://elasticsearch:9200\n```\n\nto run in development mode using an Elastic Search datastore at\nhttp://elasticsearch:9200.\n\nThen connect your browser to http://localhost:4200. Note this port is\ndifferent from the EveBox port, as the Angular CLI/Webpack development\nserver is used to serve up the web application with backend requests\nbeing proxied to the Go application.\n\nIn development mode changes to Go files will trigger a\nrecompile/restart, and changes to the web app will trigger a recompile\nof the JavaScript and a browser refresh.\n\n## Change Log\n\nSee https://github.com/jasonish/evebox/blob/master/CHANGELOG.md.\n\n## License\n\nMIT.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjasonish%2Fevebox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjasonish%2Fevebox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjasonish%2Fevebox/lists"}