Boar - Snort IDS Alert Visualization
This project visualizes Snort IDS alert data from the barnyard2 MySQL database in real-time using modern Python data analytics.
Features:
- 'Big Data' style visualization for an overview of attacks.
- Real-time capability with updating plots.
- Utilises Bokeh, a modern Python visualization library.
- Ability to hover over individual alerts in real time.
Example Dashboard:
Architecture:
Python Software Dependencies:
SQLAlchemy==1.1.5
pandas==0.19.2
bokeh==0.12.4
Flask==0.12.1
mysqlclient==1.3.9
Intrusion Detection System Server Dependencies:
Snort==2.9.9.0 (Intrusion Detection System)
PulledPork==0.7.2 (automatic ruleset updates)
Barnyard2==2.1.14 (spooler that reads Snort's unified2 output and writes it to the database)
Configuration:
Before executing the software, a configuration file (config.py) must be created.
This tells the visualization software how to connect to your database.
Save this file in the Boar main folder with the details of your
barnyard2 MySQL database like so:
config.py line 1 - mysql = {'connection': 'mysql://root:toor@127.0.0.1:3306/snort'}
Remember to change the database username, password and address to your specific system.
The example above uses the MySQL root account with the well-known 'toor' password; do not do this in practice. Boar only reads alert data, so create a dedicated account with SELECT privilege on the snort database only, and keep config.py out of version control, since it holds a plaintext credential.
The connection value is parsed as a URL by SQLAlchemy, so if the password contains characters such as '@', ':' or '/', percent-encode them (e.g. with urllib.parse.quote_plus) or the string will not parse.
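The following is an added example, not part of the Boar project, showing one way to produce config.py without a hard-coded root credential: the connection string is built from environment variables with the password percent-encoded, the file is written owner-readable only, and the MySQL statements for a SELECT-only dashboard account are generated alongside. The environment variable names (BOAR_DB_USER and so on), the account name 'boar' and the write_config helper are assumptions made for this example.

```python
# Added example (not part of Boar): build Boar's config.py connection string
# from environment variables, percent-encoding the password, and emit MySQL
# grants for a read-only account so the dashboard never connects as root.
import os
from urllib.parse import quote_plus


def build_mysql_url(user, password, host="127.0.0.1", port=3306, database="snort"):
    """Return an SQLAlchemy URL of the form mysql://user:pass@host:port/db.

    '@', ':' and '/' inside the password would otherwise be read as URL
    delimiters by SQLAlchemy, so user and password are percent-encoded.
    """
    if not user or not password:
        raise ValueError("database user and password must be set")
    return "mysql://{}:{}@{}:{}/{}".format(
        quote_plus(user), quote_plus(password), host, int(port), database)


def url_from_env(env=os.environ):
    """Build the URL from BOAR_DB_* variables (hypothetical names chosen here)."""
    return build_mysql_url(
        env["BOAR_DB_USER"],
        env["BOAR_DB_PASS"],
        env.get("BOAR_DB_HOST", "127.0.0.1"),
        env.get("BOAR_DB_PORT", "3306"),
        env.get("BOAR_DB_NAME", "snort"))


def readonly_user_grants(user, password, host="127.0.0.1", database="snort"):
    """MySQL statements that create a SELECT-only account for the dashboard.

    Boar only reads the barnyard2 tables, so a compromised dashboard holding
    this credential cannot alter or delete alert data.
    """
    # The password lands in a MySQL string literal: escape backslashes and
    # single quotes (default sql_mode, backslash escapes enabled).
    pw = password.replace("\\", "\\\\").replace("'", "\\'")
    return [
        "CREATE USER '{u}'@'{h}' IDENTIFIED BY '{p}';".format(u=user, h=host, p=pw),
        "GRANT SELECT ON {d}.* TO '{u}'@'{h}';".format(d=database, u=user, h=host),
        "FLUSH PRIVILEGES;",
    ]


def write_config(path, url):
    """Write config.py in the layout Boar expects: mysql = {'connection': '<url>'}."""
    with open(path, "w") as fh:
        fh.write("mysql = {'connection': %r}\n" % url)
    os.chmod(path, 0o600)  # credential file readable by its owner only


if __name__ == "__main__":
    write_config("config.py", url_from_env())
    for stmt in readonly_user_grants(os.environ["BOAR_DB_USER"], os.environ["BOAR_DB_PASS"]):
        print(stmt)
```

Run it from the Boar main folder with BOAR_DB_USER and BOAR_DB_PASS exported; feed the printed statements to the MySQL server as an administrative user before starting the dashboard, and add config.py to .gitignore.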
Usage: To execute the software, run the following command from the parent directory:
bokeh serve --show Boar