Gene Guinter

SNEZ

SNĒZ is a web interface to the popular open source IDS program SNORT®. It is written entirely in PHP, minimizing client and server software prerequisites. There is one very simple configuration file with only a handful of parameters to set. This allows for SNĒZ to be dropped onto an IDS server with a minimum number of installation steps and program requirements.

The main design feature of SNĒZ is the ability to filter (or dismiss) alerts rather than require alerts to be deleted after review by the security analyst. At any time, filters can be ‘overridden’ so that all collected alerts can be analyzed for patterns, forensics, etc. Of course, the ability to delete filtered alerts is available.

A main design criterion for SNĒZ is speed, obtained by eliminating nice-to-have but unnecessary features. For example, simple page forward and page backward is provided so that queries do not need to read the entire database to create page numbers. SNĒZ does not reformat or rewrite the IDS database, saving time.

Basic security features include definition of regular analysts and administrators, an adjustable screen timeout, adjustable maximum sign-on attempts and lockout, and the ability to change passwords.

SNORT® is a registered trademark of Sourcefire, Inc. All rights reserved.


Discussion

  • Gene Guinter

    Gene Guinter - 2012-10-10

    SNEZ celebrated his?her?its? 1,000th download today! Thanks for downloading and using SNEZ, reporting bugs, and asking for enhancements.

     
  • Gene Guinter

    Gene Guinter - 2014-01-25

    To keep performance optimum, it's a good idea to occasionally stop snort and barnyard and use mysqlcheck, i.e.
    mysqlcheck --databases snort -vaop
    mysqlcheck --databases SNEZ -vaop

     
  • Gene Guinter

    Gene Guinter - 2014-02-04

    README.ssl has a typo in the instructions for creating a self-signed certificate. The instruction step that says 'chmod 600 selfsigned_digi.crt' should say
    'chmod 600 selfsigned_digicert.crt'. Also, the keylength specified in the first openssl command uses 1024 as a keylength example, but you should use a stronger one such as 2048 if available.

     
  • Gene Guinter

    Gene Guinter - 2014-03-16

    SNEZ has been downloaded over 2,000 times. Thank you for reporting bugs, and recommending enhancements!

     
  • Gene Guinter

    Gene Guinter - 2014-07-04

    SNEZ now works on Ubuntu! Well it always did, but you had to modify the install scripts, change file owners, and adjust a few features. Now SNEZ 1.11 alpha provides the option to install on Centos 6.x or Ubuntu 14.04 LTS.

    About SNEZ Bleeding Edge-

    For those wanting the latest features, the 'bleeding edge' folder contains the latest tar file in an alpha or beta release, and matches source code in the git repository. So if you don't mind risking a bloody snout, you can get the latest development features. When reporting problems, please first download and test the latest tar file from the bleeding edge folder.

    To downgrade from a bleeding edge version, just run SNEZinstall from a prior version.

    Thanks for testing the latest SNEZ functions!

     
  • Gene Guinter

    Gene Guinter - 2014-08-26

    SNEZ 1.11 was just released, providing install scripts and features tested on Ubuntu 14.04 LTS. So now you have the option to install on Centos or Ubuntu.

     
  • Gene Guinter

    Gene Guinter - 2014-08-27

    Experimental installation script and code changes are available for SNEZ on SUSE. Email gene@geneguinter.com

     
  • Gene Guinter

    Gene Guinter - 2014-11-02

    Security Update Released

    SNEZ-1.11.1 has been released and fixes a security flaw. All users should uninstall/install or upgrade*. This update also fixes errors in the display of rule documentation.

    (* fix requires making your settings in SNEZconfig.php in /opt/SNEZ/SNEZ-1.11.1 directory, and running SNEZconfiginstall after SNEZinstall, step 8 in the README).

    For those unable to upgrade to SNEZ 1.11.1 at this time, a hotfix, HF20141102 is available in the Hotfix folder and can be applied to all prior versions. A README is provided with installation instructions. It is strongly recommended that the hotfix is applied.

    SNEZ 1.9 and 1.10 are no longer downloadable. Fixes will continue to be applied to SNEZ 1.11.

     
    Last edit: Gene Guinter 2014-12-26
  • Gene Guinter

    Gene Guinter - 2014-12-26

    An update was made to the prior wiki entry to better explain the (highly) recommended security fix provided by SNEZ 1.11.1

     
  • Gene Guinter

    Gene Guinter - 2015-01-03

    SNEZ is Snort++ (aka Snort 3.0) ready. SNEZ 1.11.2 was released today as a maintenance release to address some bugs and a security issue. However, it was also tested against the alpha version of Snort 3.0. In addition, SNEZ now contains install scripts for Centos, Ubuntu, and OpenSuSe.

     
  • Gene Guinter

    Gene Guinter - 2015-09-07

    HF20150907 released today for SNEZ 1.11.1 and 1.11.2 to fix issues with looking up rules and rule references. This fix will be included in a forthcoming maintenance release. Download from the hotfix folder and move to /opt/SNEZ/SNEZ.v.r.m. Then tar -xzvf HF20150907.tar.gz, cd HF20150907 and read the README file (provides some warnings and instructs to run either ./hotfix or ./hotfix.suse from the directory).

     
  • Gene Guinter

    Gene Guinter - 2015-09-17

    SNEZ 1.11.3 released today. Fixed error addressed in hotfix HF20150907 (applicable to 1.11.1 and 2) related to rule lookups and references. Fixed other minor issues and documentation errors.

    Check back often for new releases and hotfixes addressing errors, including security-related fixes and updates.

     
  • Gene Guinter

    Gene Guinter - 2016-01-05

    SNEZ has now been downloaded over 3,000 times.

     
  • Gene Guinter

    Gene Guinter - 2016-02-07

    SNEZ 1.11.4 released. This is a minor release that updates copyright information and deprecates several modules related to upgrade paths from versions prior to 1.10. If you are currently on 1.11.3, you do not need to upgrade, as no new features or fixes are included.

    If you are already on 1.11.2, you should consider upgrading to SNEZ 1.11.4, but you do not need to do so.

    SNEZ 1.11.3 is still provided as an upgrade path for anyone on a release prior to 1.11.2. FOR UP-TO-DATE SECURITY FIXES, YOU SHOULD UPGRADE to 1.11.3 NOW.

     
