Hello, I am looking for a GUI for the Suricata IDS. I tried Snorby from Snort, but it is impossible to install it nowadays due to Ruby compatibility. Any idea what to use? Thank you.
1 Answer
0
If you are looking for rules management, there is Scirius (I haven't tried it yet): https://github.com/StamusNetworks/scirius

For viewing the logs, ingesting them into the ELK stack seems to be the easiest way. Suricata logs are already in JSON format, so Logstash can easily read them and pass them to Elasticsearch. You could also find some inspiration for dashboards here: https://github.com/StamusNetworks/KTS5

Mateusz Mrozewski
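The answer above relies on Suricata writing one JSON object per line. The following is an added example, not part of the original answer: it parses that kind of log and builds the per-signature and per-source counts a dashboard would chart. The sample lines are constructed (documentation IP ranges, made-up signature IDs), and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample in Suricata's EVE JSON layout, one event per line.
# The last line is cut off, as happens when reading a log mid-write.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T12:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":51234,"dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":1000001,"signature":"EXAMPLE suspicious user agent","category":"Misc activity","severity":3}}
{"timestamp":"2024-01-01T12:00:01.000000+0000","event_type":"dns","src_ip":"192.0.2.10","dest_ip":"198.51.100.53","proto":"UDP","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2024-01-01T12:00:02.000000+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":51240,"dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":1000001,"signature":"EXAMPLE suspicious user agent","category":"Misc activity","severity":3}}
{"timestamp":"2024-01-01T12:00:03.000000+0000","event_type":"alert","src_ip":"192.0.2.20","src_port":40000,"dest_ip":"198.51.100.7","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":1000002,"signature":"EXAMPLE ssh scan","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-01-01T12:00:05.000000+0000","event_type":"alert","src_ip":"192.0.2.3
"""

def parse_eve(text):
    """Return (events, skipped): parsed JSON objects and count of bad lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # truncated or corrupt line: count it, keep going
            continue
        if isinstance(obj, dict):
            events.append(obj)
        else:
            skipped += 1          # valid JSON but not an event object
    return events, skipped

def summarize_alerts(events):
    """Count alert events by (sid, signature, severity) and by source IP."""
    by_sig, by_src = Counter(), Counter()
    for ev in events:
        if ev.get("event_type") != "alert":
            continue              # EVE also carries dns, flow, http, ... records
        alert = ev.get("alert", {})
        key = (alert.get("signature_id"), alert.get("signature"), alert.get("severity"))
        by_sig[key] += 1
        by_src[ev.get("src_ip")] += 1
    return by_sig, by_src

if __name__ == "__main__":
    events, skipped = parse_eve(SAMPLE_EVE)
    by_sig, by_src = summarize_alerts(events)
    print(f"{len(events)} events parsed, {skipped} line(s) skipped")
    for (sid, name, sev), n in by_sig.most_common():
        print(f"{n:>3}  sid={sid} sev={sev}  {name}")
    for ip, n in by_src.most_common():
        print(f"{n:>3}  {ip}")
```

To run it against a real log, pass the file's contents to `parse_eve` in place of `SAMPLE_EVE`.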