Snorby
- Developed by Dustin Webber: https://github.com/snorby/snorby
- Web 2.0, Ajax, Ruby-on-Rails
- Log in to Snorby using the EMAIL ADDRESS and password you specified in Setup
- Snorby has its own MySQL database (separate from the Sguil and ELSA databases)
- The Snorby database only stores NIDS alerts from Snort or Suricata
- Pivot from a NIDS alert in Snorby to CapME to access full packet capture: https://github.com/Security-Onion-Solutions/security-onion/wiki/CapMeAuthentication
- Pivot from an IP address in Snorby to ELSA for related logs (Bro logs, OSSEC logs, syslog)
- If you need to wipe the Snorby database, please see: https://github.com/Security-Onion-Solutions/security-onion/wiki/WipingSnorby
- Snorby is now considered unmaintained and will be removed from Security Onion in the future, so you should go ahead and begin transitioning to Squert, Sguil, and/or ELSA. To disable Snorby in your existing deployment, please see: https://github.com/Security-Onion-Solutions/security-onion/wiki/DisablingProcesses#disabling-snorby