https://github.com/redborder/snort
Sourcefire's Snort with redBorder's patches
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/redborder/snort
- Owner: redBorder
- License: other
- Created: 2015-05-04T14:24:07.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2024-06-24T14:20:37.000Z (about 2 years ago)
- Last Synced: 2024-06-24T16:04:19.947Z (about 2 years ago)
- Language: C
- Homepage:
- Size: 21.3 MB
- Stars: 6
- Watchers: 13
- Forks: 6
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog
- License: COPYING
README
redBorder Snort
===============
redBorder's Snort with some improvements:
* Creating a parent pid (ppid) file, in order to be able to track pf_ring statistics
* Alert Threshold limits / suppressions can now be tracked by src and dst at the same time
* Added "dont_rotate_on_packets" unified2 option, in order to avoid lonely packets on barnyard
* u2boat is able to filter by gid, sid, timestamp range, and output as text
* Created snort_iplist, in order to be able to reload iplist entries via control socket
* Shared memory name now includes the redBorder instance group id
* Integrated geo-ip in reputation preprocessor, so you can block or bypass traffic depending on src/dst geographic location
* In File Preprocessor: ExtraData fields now include further information such as SHA256, file size, hostname and URI
* In File Preprocessor: Integrated sending captured files to S3