docker-suricata - A Suricata Docker image.

  •        149

which will map the logs directory (in your current directory) to the Suricata log directory in the container so you can view the Suricata logs from outside the container. This will expose /var/log/suricata from the Suricata container as /var/log/suricata in the Logstash container.

https://hub.docker.com/r/jasonish/suricata/
https://github.com/jasonish/docker-suricata

Tags
Implementation
License
Platform

   




Related Projects

Suricata IDS - Network threat detection engine

  •    C

The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.

suricata - Mirror of the official OISF Suricata git repository

  •    C

Mirror of the official OISF Suricata git repository

pytbull

  •    Python

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS and to validate config.

Suricata

  •    PHP

It's a project administrator manager based on PHP and PHP::DB, capable to administrate tasks, resources and generate Gantt charts and job entries charts.

snorby - Ruby On Rails Application For Network Security Monitoring

  •    HTML

Snorby is a ruby on rails web application for network security monitoring that interfaces with current popular intrusion detection systems (Snort, Suricata and Sagan). The basic fundamental concepts behind Snorby are simplicity, organization and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use. Get Snorby from the download section or use the latest edge release via git.


OpenWIPS-ng - Wireless Intrusion Prevention System

  •    C

OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts: Sensor(s): "Dumb" devices that capture wireless traffic and sends it to the server for analysis. Also responds to attacks. Server: Aggregates the data from all sensors, analyzes it and responds to attacks. It also logs and alerts in case of an attack. Interface: GUI manages the server and displays information about the threats on your wireless network(s).

Sguil - The Analyst Console for Network Security Monitoring

  •    Tcl

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

security-onion - Linux distro for intrusion detection, enterprise security monitoring, and log management

  •    

For more information about Security Onion, please see our main website, blog, and wiki. This repo contains the ISO image, Wiki, and Roadmap for Security Onion.

dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  •    Python

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. In order to fulfill its mission, first the known vulnerabilities as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from Offensive Security database are imported into a MongoDB to facilitate the search of these vulnerabilities and exploits when your analysis are in progress.

hashids

  •    Javascript

A small JavaScript library to generate YouTube-like ids from numbers. Use it when you don't want to expose your database ids to the user.

glacier-cli - Command-line interface to Amazon Glacier

  •    Python

This tool provides a sysadmin-friendly command line interface to Amazon Glacier, turning Glacier into an easy-to-use storage backend. It automates tasks which would otherwise require a number of separate steps (job submission, polling for job completion and retrieving the results of jobs). It provides integration with git-annex, making Glacier even more useful. glacier-cli uses Amazon Glacier's archive description field to keep friendly archive names, although you can also address archives directly by using their IDs. It keeps a local cache of archive IDs and their corresponding names, as well as housekeeping data to keep the cache up-to-date. This will save you time because you won't have to wait spend hours retrieving inventories all the time, and will save you mental effort because you won't have to keep track of the obtuse archive IDs yourself.

obfuscate_id - A simple Rails plugin to mix up resource ids a bit.

  •    Ruby

Sequential ActiveRecord ids become non-sequential, random looking, numeric ids. If your site is scaling well, you might not want to leak that you are getting 50 new posts a minute.

shortid - Super short, fully unique, non-sequential and URL friendly Ids

  •    Go

The package is heavily inspired by the node.js shortid library (see more detail below). The package guarantees the generation of unique Ids with no collisions for 34 years (1/1/2016-1/1/2050) using the same worker Id within a single (although can be concurrent) application provided application restarts take longer than 1 millisecond. The package supports up to 32 workers all providing unique sequences from each other.

Moloch - Large scale, full packet capturing, indexing, and database system

  •    Javascript

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

Octopussy - Perl/XML Logs Analyzer, Alerter & Reporter

  •    Perl

Octopussy is a Log analyzer tool. It analyzes the log, generates reports and alerts the admin. It has LDAP support to maintain users list. It exports report by Email, FTP & SCP. Scheduled reports could be generated. RRD tool to generate graphs.

RoofTop

  •    Java

RoofTop is a network/systems monitoring (NSM) tool that leverages SNMP standards to deliver critical health and performance monitoring through device based reports and graphs, event notifications, alerts, and configurable alarm thresholds.

awesome-docker - :whale: A curated list of Docker resources and projects

  •    Javascript

A curated list of Docker resources and projects Inspired by @sindresorhus' awesome and improved by these amazing contributors. The creators and maintainers of this list do not receive any form of payment to accept a change made by any contributor. This page is not an official Docker product in any way. It is a list of links to projects and is maintained by volunteers. Everybody is welcome to contribute. The goal of this repo is to index open-source projects, not to advertise for profit.

Portainer - Simple management UI for Docker

  •    Javascript

Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). Portainer is meant to be as simple to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as Linux container or a Windows native container). It allows you to manage your Docker containers, images, volumes, networks and more ! It is compatible with the standalone Docker engine and with Docker Swarm mode.

docker - Docker Official Image packaging for Docker

  •    Shell

This is the Git repo of the Docker "Official Image" for docker (not to be confused with any official docker image provided by docker upstream). See the Docker Hub page for the full readme on how to use this Docker image and for information regarding contributing and issues. The full description from Docker Hub is generated over in docker-library/docs, specifically in docker-library/docs/docker.

prometheus - A docker-compose stack for Prometheus monitoring

  •    

Before we get started installing the Prometheus stack. Ensure you install the latest version of docker and docker swarm on your Docker host machine. Docker Swarm is installed automatically when using Docker for Mac or Docker for Windows.Clone the project locally to your Docker host.