SNORT-GUI icon indicating copy to clipboard operation
SNORT-GUI copied to clipboard

Published 20 hours ago verified publisher icon WhiteHatCyberus

Metadata

SNORT GUI: Your very own trusted blueteam forensic companion for SNORT IDS. OPTIMIZED, SECURE AND ABSOLUTELY FREE!

SNORT GUI Python-tkinter

Warning: This application is Completed as of May 2023, further updates to the application are discontinued and bears no warranty in the future. As of now , May, 2023, the application runs optimally, keeping in mind the security and complexity of the current real world network scenario. Usage of this application for commercial or educational use requires scrutiny of network administrative personnel. Any loss in data, damage to configuration should be under user discretion.

About

A actively developed blue team application for SNORT, a popular Intrusion Detection/Prevention System intended for forensic, incident handling and analysis of network abnormalities.

Table of Contents

  1. Research Architecture
  2. SNORT GUI v3
    • Pre-requisite
    • Download
    • Installation
  3. Connect with Me
  4. Credits

Research Architecture

Research Architecture

SNORT GUI v3

STATUS: :heavy_check_mark:

The SNORT GUI main program consists of:

  • SNORT Rule Generator: Open, Write, Save .rules files - Pre-incident/Preparation
  • Open Configuration Files: Manually Open .conf and .rules files - Pre-incident/Preparation
  • Alert Log Analyzer: Analyze SNORT alerts and distinguishing them by protocols and ports for ease of documentation for cyberforensics - Post-incident/Forenisc Analysis
  • Run SNORT: Runs the SNORT application in Intrusion Detection System Mode.
snort -A console -A fast -q -i <network_interface> -c <configuration_file> -l <log_folderpath>

:bangbang: Help: covers snort-gui documentation and usage, simulation guides, walkthroughs, snort rule formulation, basic attack and mitigation walkthroughs.

Pre-requisite

  1. A Linux distro that has snort installed (preferably Ubuntu).

Download

  1. Download the latest snortgui-ENTERPRISE.zip release (tag: v3) available in the "Releases" tab.
  2. Alternatively, download via Git, and navigate to "snort/snortgui/" for application files.

Note: If you opt for method 2, rename the resources folder to .resources.

Installation

  1. For first-time installation, run:
sudo python3 installer.py

Terms and Condition

Figure 1.1: Terms and Conditions

Installing resources

Figure 1.2: Installing resources

  1. After installation, you can launch the application by running:
sudo python3 snortgui.py

SNORT GUI main menu

Figure 2.1: SNORT GUI main menu

Rule Generator GUI

Figure 2.2: Rule Generator GUI

Log Analyzer

Figure 2.3: Log Analyzer Tool

  1. Run SNORT IDS:

Run SNORT

Figure 3.1: Configuring SNORT

SNORT running

Figure 3.2: Running SNORT

Note: SNORT GUI v3 features security patches and bug fixes with a help and support centre to explain snort-gui usage. Make sure you download the latest stable release of snortgui-ENTERPRISE.zip(tag: v3) to run the application hassle free.

Connect with me

Credits

Thank you ChrisJD20 for your preliminary contribution to the snort rule generator.

Metadata

18
Stars
8
Forks
Watchers

Owner

verified publisher icon WhiteHatCyberus

Metadata

SNORT GUI: Your very own trusted blueteam forensic companion for SNORT IDS. OPTIMIZED, SECURE AND ABSOLUTELY FREE!

Back