What is Snort?
Snort is an open-source IDS/IPS (Intrusion Detection & Prevention System) initially developed by Sourcefire in 1998. It was acquired in 2013 and is currently managed by Cisco. Snort analyzes network traffic across one or more network interfaces based on a set of activated rules, which can include rules from various sources like the Proofpoint Open Emerging Threat ruleset, among others. Its rule-based traffic analysis allows for versatile and granular network monitoring. Snort generates a message for every event that matches one of its rules, and these messages can be sent in real time via syslog for centralized analysis.
Snort's alerts and messages can be integrated seamlessly with the ServicePilot web interface in real-time using syslog. This provides security administrators with a centralized view of security events, simplifying the process of managing and responding to security threats. It also leverages other ServicePilot features such as advanced alerting, Machine Learning analytics, custom maps, dashboards, automated PDF reporting and more.
How to monitor Snort?
ServicePilot makes it easy to monitor Snort, requiring only minimal configuration on the target device. A resource of the security-snort package then needs to be added via the ServicePilot web interface.
ServicePilot automatically performs a pre-built search to count Snort Events by severity and includes a template dashboard in order to analyze data across Snort syslog messages sent to ServicePilot.
The built-in dashboard displays Snort events by types, top alert messages and signatures, as well as alert classifications over time.
Sending Snort events to ServicePilot as syslog messages provides a web-based console to view Snort events, with built-in customizable dashboards, alerts and PDF reports, as well as other ServicePilot software features such as machine learning algorithms, tactical monitoring maps and custom searches.
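The kind of aggregation described above (events by priority, by classification, and top signatures), as an added example that is not ServicePilot's or Snort's own code. It assumes the message layout commonly produced by Snort's syslog alert output; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed body of a Snort syslog alert (after the syslog header):
# [gid:sid:rev] msg [Classification: text] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"   # absent when the rule has no classtype
    r"\[Priority:\s*(?P<prio>\d+)\]:?\s+"              # some versions add a trailing colon
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["signature"] = "{gid}:{sid}:{rev}".format(**alert)
    alert["prio"] = int(alert["prio"])          # 1 is the highest Snort priority
    alert["cls"] = (alert["cls"] or "unclassified").strip()
    return alert

def summarize(lines):
    """Count alerts by priority, classification and signature; count non-alert lines."""
    by_priority, by_class, by_sig = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            skipped += 1                         # other daemons share the syslog stream
            continue
        by_priority[alert["prio"]] += 1
        by_class[alert["cls"]] += 1
        by_sig[(alert["signature"], alert["msg"])] += 1
    return {"priority": by_priority, "classification": by_class,
            "signature": by_sig, "skipped": skipped}

# Constructed sample lines (local SIDs, documentation address ranges); not real captures.
SAMPLE_LINES = [
    "Mar  3 10:15:01 sensor1 snort[1234]: [1:1000001:1] LOCAL constructed rule A [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:44321 -> 198.51.100.5:80",
    "Mar  3 10:15:04 sensor1 snort[1234]: [1:1000001:1] LOCAL constructed rule A [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.11:44400 -> 198.51.100.5:80",
    "Mar  3 10:16:10 sensor1 snort[1234]: [1:1000002:3] LOCAL constructed rule B [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51000 -> 198.51.100.9:22",
    "Mar  3 10:17:30 sensor1 snort[1234]: [1:1000003:1] LOCAL constructed rule C [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "Mar  3 10:18:00 sensor1 sshd[999]: Accepted publickey for admin from 192.0.2.50",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

Lines that do not match are counted rather than dropped silently, so a format change on the sensor shows up as a rising skip count instead of a quiet dashboard.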
How to install a snort resource?
- Use your ServicePilot OnPremise installation or a SaaS account.
- Add a new snort resource via the web interface (/prmresources) or via API (/prmpackages page); the default ServicePilot agent or another agent will be provisioned automatically.
Details of the snort package are located in the /prmpackages page of the software.
ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.
By correlating Snort data with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.
This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.