Snorby is a modern Snort IDS frontend. The fundamental concepts behind Snorby are simplicity and power. The project's goal is to create a free, open source and highly competitive network monitoring application for both private and enterprise use.
Reports – Snorby exports to popular formats (XML, CSV and PDF) and indexes security events for fast searching.
Schedule – Set up reports for the future and be notified via email upon completion. Snorby also creates daily, weekly and monthly reports so you always have a snapshot and documentation.
Collaboration – Comments and notes can be attached to every security event. This is very useful if you need a reminder or wish to delegate the event to a colleague.
Open source – With a completely open API and the source at your fingertips, the possibilities for customization are endless.
Teammates – This feature lets you add contact information for other people and quickly send events to the appropriate parties.
Snorby 2.0 features the following:
- Fully rewritten from the ground up in Rails 3 and Ruby 1.9.2
- Fast, resilient and scalable (with new backend workers)
- Completely redesigned user interface (for new and advanced users)
- Full packet capture support with OpenFPC
- Useful reports and metrics (PDF reports, graphs, email reports)
- Customizable severities and classifications
- Real-time event listing using AJAX long polling
- Supports Snort, Sagan and Suricata
- Revamped and intuitive administration interface