Web service for analysing pcap files with snort
Web service for analysing pcap files with intrusion detection systems such as snort and suricata.
websnort provides a web interface for user and system submission of packet capture files to run against IDS instances. Alerts and details from the analysis are returned as results.
If you are after a web interface for monitoring a running snort instance, see https://www.snort.org/downloads#additional-downloads instead.
While originally developed specifically for snort. Recent releases support a flexible IDS plugin system which also supports suricata out of the box.
websnort can be configured to run the same submitted packet capture against any number of IDS instances, configs and rulesets. This allows broader coverage and comparison between installs and rule versions.
Install snort if needed:
sudo apt-get install snort
Optional Disable running snort service if only required for this web api:
sudo service snort stop sudo update-rc.d snort disable
On recent ubuntu/debian releases the default snort.conf is not world readable. Unless planning to run the web service as root (not recommended) you will need to modify the permissions, for example:
sudo chmod a+r /etc/snort/snort.conf
Install web service using pip:
sudo pip install websnort
Start the websnort web server on the default port:
Browse to http://server:8080 and submit a pcap file for analysis.
Navigate to http://server:8080/api for details of provided json web api.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|websnort-0.4-py2-none-any.whl (108.0 kB) Copy SHA256 hash SHA256||Wheel||2.7||Aug 31, 2014|
|websnort-0.4.tar.gz (107.8 kB) Copy SHA256 hash SHA256||Source||None||Aug 31, 2014|