A simple web GUI for Snort. Snort is an intrusion detection system that raises alerts when dangerous activity is happening in your network.
- List events and view their protocol headers and signature info
- View activity over different time periods in charts
- Top 5 statistics
- Direct link from events to AbuseIPDB and Snort rule docs
- Bunch together duplicate events
- More filter options for events
- Option to limit access with login
- Some styling issues on the event page for smaller screens
- Reduce the need to reload the whole page
- Display IPv6 addresses correctly
- Collapse an event view when an expanded event is clicked again
Prerequisites: Snort, barnyard2, PHP, MySQL, and any web server will do.
snort.org has a lot of useful documentation on how to install Snort (and sometimes the other prerequisites too!) on different systems. Bristle has been tested with Snort 2.9.9.x.
- Clone the repository and copy all files except git files to your www directory.
- Rename conf.php.example to conf.php.
- Change the contents of conf.php to match your database setup. Bristle uses the same database as barnyard2.
Sergio has been kind enough to host a live demo of Bristle for a Snort instance running against a free internet proxy: https://sergiomitm.com/bristle/index.php
Don't hesitate to ask questions about installation or other problems. I will also gladly receive requests for new functionality.