
Gene Guinter

SNEZ

SNĒZ is a web interface to the popular open source IDS program SNORT®. It is written entirely in PHP, minimizing client and server software prerequisites. There is one very simple configuration file with only a handful of parameters to set. This allows for SNĒZ to be dropped onto an IDS server with a minimum number of installation steps and program requirements.

The main design feature of SNĒZ is the ability to filter (or dismiss) alerts rather than requiring the security analyst to delete alerts after reviewing them. At any time, filters can be ‘overridden’ so that all collected alerts can be analyzed for patterns, forensics, etc. Of course, the ability to delete filtered alerts is also available.

Another main design criterion for SNĒZ is speed, obtained by omitting nice-to-have but unnecessary features. For example, only simple page-forward and page-backward navigation is provided, so that queries do not have to read the entire database just to compute page numbers. SNĒZ does not reformat or rewrite the IDS database, which also saves time.

Basic security features include separate analyst and administrator roles, an adjustable screen timeout, an adjustable maximum number of sign-on attempts followed by lockout, and the ability for users to change their own passwords.

SNORT® is a registered trademark of Sourcefire, Inc. All rights reserved.


  • Gene Guinter
    2011-09-26

    Features

    • Speed
    • Not forced to delete alerts; uses filtering which can be overridden
    • Easy installation; one small config file
    • Simple task-oriented views
    • Support regular users and administrator(s); users can manage their own passwords
    • Adjustable security parameters
    • Provides packet information and data view
    • DNS resolution option

    Last edit: Gene Guinter 2011-09-26
  • Gene Guinter
    2011-11-11

    It's a good idea to occasionally review and combine filters. For example, if you've been clearing alerts daily, it can become difficult to see what's filtered because of all the lines on the filter criteria page. Use the date range to set a new single filter, and remove the single-day filters. Remember that all actions are recorded in the log, so there should be no fear of losing the audit trail.

     
  • Gene Guinter
    2012-02-06

    A good way to clean up old alerts is to keep all your signature and ip-based filters intact, and create a new filter of all alerts based on a timeframe. Then from the filter criteria page, delete the alerts related to this new date-based filter, then delete the filter.

     
  • Gene Guinter
    2012-10-10

    SNEZ celebrated his?her?its? 1,000th download today! Thanks for downloading and using SNEZ, reporting bugs, and asking for enhancements.

     
  • Gene Guinter
    2014-01-21

    SNEZ 1.9.2 is a maintenance release, and everyone should upgrade to get the latest maintenance and security fixes.

    SNEZ 1.8 is no longer supported nor available for download. It's easy to upgrade to the latest release, 1.9.2.

    SNEZ 1.10 is close to going beta and is available in the bleeding edge folder.

     
  • Gene Guinter
    2014-01-25

    To keep performance optimal, it's a good idea to occasionally stop snort and barnyard and use mysqlcheck, i.e.
    mysqlcheck --databases snort -vaop
    mysqlcheck --databases SNEZ -vaop

     
  • Gene Guinter
    2014-02-02

    SNEZ 1.10 final is now available for download. Version 1.9.x is also still available. Everyone should upgrade to one of these versions for the latest operational and security fixes. Thank you and enjoy!

     
  • Gene Guinter
    2014-02-04

    README.ssl has a typo in the instructions for creating a self-signed certificate. The instruction step that says 'chmod 600 selfsigned_digi.crt' should say
    'chmod 600 selfsigned_digicert.crt'. Also, the first openssl command uses 1024 as the keylength example, but you should use a stronger one such as 2048 if available.
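The following script is an added example, not the contents of README.ssl or any SNEZ code: it generates the self-signed certificate the post refers to with a 2048-bit RSA key rather than the 1024-bit key in the README, applies the corrected chmod 600 to both files, and then checks what was produced. The .crt file name follows the post; the .key file name, the certificate subject and the 365-day lifetime are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from README.ssl or SNEZ): build a self-signed certificate
# for the SNEZ web server with a 2048-bit RSA key instead of the README's
# 1024-bit one, restrict both files to the owner, and verify the result.
# Assumptions: the .crt name follows the post (selfsigned_digicert.crt); the key
# file name, subject and 365-day lifetime are illustrative choices.
set -eu

# gen_selfsigned DIR CN BITS
# Writes DIR/selfsigned_digicert.key and DIR/selfsigned_digicert.crt.
gen_selfsigned() {
  dir=$1; cn=$2; bits=$3
  # umask 077 inside a subshell: the key file is never world-readable, not even
  # for the instant between creation and the chmod below.
  (
    umask 077
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
      -subj "/CN=$cn" \
      -keyout "$dir/selfsigned_digicert.key" \
      -out "$dir/selfsigned_digicert.crt" 2>/dev/null
  )
  chmod 600 "$dir/selfsigned_digicert.key" "$dir/selfsigned_digicert.crt"
}

# key_bits KEYFILE -> prints the RSA modulus size (e.g. 2048), which is how a
# leftover 1024-bit key from the old README instructions is caught.
key_bits() {
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# cert_matches_key CRT KEY -> succeeds only if the certificate's public key
# belongs to the private key (a stale .crt from an earlier run would fail here).
cert_matches_key() {
  [ "$(openssl x509 -in "$1" -noout -modulus)" = \
    "$(openssl rsa -in "$2" -noout -modulus)" ]
}

# file_mode PATH -> prints the permission string, e.g. -rw-------
# (substr drops a trailing '.' or '+' that ls adds for SELinux labels or ACLs).
file_mode() {
  ls -ld "$1" | awk '{print substr($1, 1, 10)}'
}

# Usage: sh selfsigned.sh /etc/snez snez.example.org
if [ $# -ge 2 ]; then
  gen_selfsigned "$1" "$2" 2048
  echo "key size: $(key_bits "$1/selfsigned_digicert.key") bits"
  cert_matches_key "$1/selfsigned_digicert.crt" "$1/selfsigned_digicert.key" \
    && echo "certificate matches key"
fi
```

The checks at the end are the part worth keeping around: key_bits tells you whether a server is still running on a key made with the old 1024-bit instruction, and cert_matches_key catches the case where the .crt was regenerated but the web server is still pointed at an older .key. Point the web server's SSL configuration at the two files once both checks pass.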

     
  • Gene Guinter
    2014-03-16

    SNEZ has been downloaded over 2,000 times. Thank you for reporting bugs, and recommending enhancements!

     
  • Gene Guinter
    7 days ago

    SNEZ now works on Ubuntu! Well, it always did, but you had to modify the install scripts, change file owners, and adjust a few features. Now SNEZ 1.11 alpha provides the option to install on CentOS 6.x or Ubuntu 14.04 LTS.

    About SNEZ Bleeding Edge:

    For those wanting the latest features, the 'bleeding edge' folder contains the latest tar file in an alpha or beta release, and matches the source code in the git repository. So if you don't mind risking a bloody snout, you can get the latest development features. When reporting problems, please first download and test the latest tar file from the bleeding edge folder.

    To downgrade from a bleeding edge version, just run SNEZinstall from a prior version.

    Thanks for testing the latest SNEZ functions!