
git clone https://github.com/Lanakod/snort-docker.git
cd snort-docker
cp .env.example .env
# Edit ".env" file via "nano .env" or "vi .env"
docker compose up -d
# Grafana listens on port 3000 and Kibana (the ELK UI) on port 5601
configs
┣ snort-conf
┃ ┣ balanced.lua
┃ ┣ connectivity.lua
┃ ┣ file_magic.rules
┃ ┣ inline.lua
┃ ┣ max_detect.lua
┃ ┣ security.lua
┃ ┣ sensitive_data.rules
┃ ┣ snort.lua
┃ ┣ snort_defaults.lua
┃ ┗ talos.lua
┣ filebeat.yml
┣ logstash.conf
┣ promtail.yml
┣ snort.rules
┗ supervisord.conf
snort.rules - your custom Snort rules
filebeat.yml - config file for Filebeat | needed for ELK
logstash.conf - config file for Logstash | needed for ELK
promtail.yml - config file for Promtail, which ships logs to Loki | needed for Grafana
supervisord.conf - config file that runs Snort under supervisord
snort-conf - folder with all Snort config files, written in Lua
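The quick-start steps above and the custom-rule file snort.rules can be wrapped in one script that refuses to start the stack with an unfilled .env, rejects local rules with a missing, low or duplicate sid, and asks Snort to validate its configuration after start-up. This is an added example, not part of the snort-docker repository; the compose service name "snort", the mount path /etc/snort and the variable names in the test data are assumptions, and the ICMP rule is constructed for illustration.

```shell
#!/bin/sh
# Added example for the snort-docker README (not the repository's own code).
# Assumptions: the Snort compose service is named "snort", its configs are
# mounted at /etc/snort, and .env.example lists every variable the stack needs.

# Print the keys (text before '=') of a dotenv-style file.
dotenv_keys() {
  sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# Print the last value assigned to key $2 in file $1 (empty if unset).
dotenv_get() {
  sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1
}

# Return 0 if every key in $1 (.env.example) has a non-empty value in $2 (.env).
# Values left identical to the example file are reported but not fatal.
check_env() {
  example="$1"; envfile="$2"; missing=0
  for key in $(dotenv_keys "$example"); do
    val=$(dotenv_get "$envfile" "$key")
    if [ -z "$val" ]; then
      echo "missing or empty in $envfile: $key" >&2
      missing=1
    elif [ "$val" = "$(dotenv_get "$example" "$key")" ]; then
      echo "warning: $key still has the value from $example" >&2
    fi
  done
  return $missing
}

# Constructed example rule (not from the repo): alert on ICMP echo requests.
# Local rules must use sid >= 1000000; lower values are reserved for shipped rule sets.
EXAMPLE_RULE='alert icmp any any -> $HOME_NET any (msg:"Added example: ICMP echo request"; itype:8; sid:1000001; rev:1;)'

# Append rule $2 to rules file $1, refusing a missing/low sid or a duplicate sid.
add_rule() {
  rules="$1"; rule="$2"
  sid=$(printf '%s\n' "$rule" | sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  if [ -z "$sid" ] || [ "$sid" -lt 1000000 ]; then
    echo "rule needs a sid of 1000000 or higher: $rule" >&2
    return 1
  fi
  if grep -q "sid:[[:space:]]*$sid;" "$rules" 2>/dev/null; then
    echo "sid $sid is already used in $rules" >&2
    return 1
  fi
  printf '%s\n' "$rule" >> "$rules"
}

# The README's procedure, with the checks above and a post-start health probe.
bring_up() {
  [ -f .env ] || cp .env.example .env
  check_env .env.example .env || {
    echo "fill in .env (nano .env or vi .env) and rerun" >&2
    return 1
  }
  docker compose up -d
  # -T makes Snort validate the configuration and rules and then exit, so a
  # syntax error in configs/snort.rules shows up here instead of as a restart loop.
  docker compose exec snort snort -c /etc/snort/snort.lua -R /etc/snort/snort.rules -T
  # Grafana (3000) and Kibana (5601) expose health endpoints; wait for both.
  for url in http://localhost:3000/api/health http://localhost:5601/api/status; do
    n=0
    until curl -fsS "$url" >/dev/null 2>&1; do
      n=$((n + 1))
      [ "$n" -lt 30 ] || { echo "$url did not come up" >&2; return 1; }
      sleep 2
    done
    echo "ready: $url"
  done
}

# `sh setup.sh up` runs the whole procedure; sourcing the file only defines the functions.
if [ "${1:-}" = "up" ]; then
  bring_up
fi
```

Run it from the repository root as `sh setup.sh up`. To add a rule first, source the file and call `add_rule configs/snort.rules "$EXAMPLE_RULE"`; the duplicate-sid check matters because Snort refuses to load two rules with the same gid:sid pair, and the -T run after start-up is the quickest way to see whether the rule files were accepted.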
grafana
┗ provisioning
┃ ┗ datasources
┃ ┃ ┗ loki.yml
- The grafana folder contains loki.yml, which provisions Loki as a Grafana datasource
- For security issues, please do not open a public GitHub issue; write to security@lanakod.ru instead