Snorby: Modern Snort IDS frontend

Snorby is a modern Snort IDS frontend. The fundamental concepts behind Snorby are simplicity and power. The project's goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.

Reports – Snorby indexes security events for fast searching and exports to popular formats: XML, CSV and PDF.

Schedule – Set up reports for the future and be notified via email upon completion. Snorby also creates daily, weekly and monthly reports so you always have a snapshot and documentation.

Collaboration – Every security event can carry comments and notes. This is very useful if you need a reminder or if you wish to delegate the event to a colleague.

Open source – With a completely open API and the source at your fingertips, the possibilities for customization are endless.

Teammates – This feature lets you add contact information for other people and quickly send events to the appropriate parties.

Snorby 2.0 features the following:

  • Fully rewritten from the ground up in Rails 3 and Ruby 1.9.2
  • Fast, resilient and scalable (with new backend workers)
  • Completely redesigned user interface (for new and advanced users)
  • Full packet capture support with OpenFPC
  • Useful reports and metrics (PDF reports, graphs, email reports)
  • Customizable severities and classifications
  • Real-time event listing using AJAX long polling
  • Supports Snort, Sagan and Suricata
  • Revamped and intuitive administration interface