Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/shirkdog/hunter-nsm

Simple install script for Snort/Bro IDS with JSON logging on FreeBSD


README


Hunter NSM
==========

Simple install script for Snort/Bro IDS with JSON logging on FreeBSD

Copyright (C) 2015 Michael Shirk, Daemon Security Inc.

Hunter NSM is a modular platform for deploying network sensors. Instead of widening the attack surface by installing
numerous additional tools, Hunter takes a minimalist approach to achieving full network monitoring with Bro NSM and
Snort IDS.

## Features and Capabilities

* Automates the installation of Snort or Bro on a FreeBSD server
* Configures JSON output (via ids-tools for Snort and Bro's native JSON output) so the logs work with any logging tool
* Uses PulledPork to automate signature updates
* Configures startup scripts to work with FreeBSD

## Key features of Hunter NSM

All logging is configured to output to the /nsm directory (/nsm/bro2 for Bro, /nsm/snort for Snort). Before running
the script, ensure that you have enough disk space to store the security data.

Custom configs for Snort:

`/usr/local/bin/snortUpdate.sh` Runs PulledPork and restarts Snort so that rule updates take effect.

`/usr/local/bin/snortStartup.sh` Starts u2json from `/etc/rc.local`; u2json reads the Snort unified2 output from /var/log/snort and writes out JSON events.

`/usr/local/bin/du2json` Runs u2json with the necessary command line arguments.

Custom configs for Bro:

`/opt/bro2/share/bro/site/local.bro` Updates the default site policy so that Bro emits its logs as JSON.