What is Snort ?
Snort is an Open Source IDS / IPS (Intrusion Detection & Prevention System) created in 1998 by SourceFire and now developped by Cisco (SourceFire acquisition in 2013).
Snort analyzes traffic on one or more network interfaces according to activated rules (e.g. Emerging Threat Open, etc.), and generates messages for each event matching on of its rules. Those messages can be sent to the ServicePilot web interface in real-time by syslog.
Snort Syslog monitoring
This package performs a pre-built search to count Snort Events by severity and includes a template dashboard in order to automatically analyze data across Snort Syslogs messages sent to ServicePilot.
The built-in dashboard displays Snort events by types, top alert messages and signatures, as well as alert classifications over time.
Sending Snort events with Syslog messages to ServicePilot allows to get a web based console to view Snort events, with built-in custumizable dashboards, alerts, PDF reports, as well as other ServicePilot software features such as marchine learning algorithms, tactical monitoring maps and custom searches.