So I finally replaced my broken Snorby box with a new machine and went hunting to see if there were any new Snorby versions. When I hit their site I saw something I haven’t seen before called “Security Onion”. I jumped at the opportunity to try something new and play with what it has to offer. I loaded it up on a VM and started playing with the applications it provides. It has Snort and Barnyard2 running with the Snorby web interface, which I love for its great layout and ease of use. It also runs Squert, another web-based Snort front end, so you can pick what you like best or even use both. There are countless other tools on the box also for testing the network and monitoring it. It runs on Xubuntu and runs a full GUI desktop, but I am not using it for that, only for Snort and Snorby really, but I do like playing with all the other features once in a while. If you are interested in IDS or NSM, this is a tool to check out if you haven’t yet; it takes only a few minutes to get it online and is worth the time. Right now I have it running on a physical box monitoring my network, and it’s been doing great so far.


Security Onion

