Version: Snort 2.9 and later.
Snort IDS is an open-source intrusion detection system that analyzes network traffic in real time and provides data packet logging. It detects potentially malicious activity using a rule-based language that combines anomaly, protocol, and signature inspection methods.
Netsurion Open XDR monitors Snort events retrieved via syslog. The dashboards, categories, alerts, and reports in Netsurion Open XDR help you track possible attacks, suspicious activities, or any other threat based on the rules defined in the Snort configuration file.
Netsurion Data Source Integrations for Snort IDS allow you to monitor the following components:
- Security – Alerts and Reports for all security-related events.
Once Snort IDS auditing is enabled and Snort IDS logs are received in Netsurion Open XDR, configure alerts and reports.
The following are the key Data Source Integrations available in Netsurion Open XDR.

| Category | Name | Description |
|---|---|---|
| Security | Snort IDS – Critical threat detected | This alert is generated for logs with priority one (Priority 1). |
| Security | Snort IDS – Potential attacks detected | This alert is generated for logs with priority two (Priority 2). |
| Security | Snort IDS – Activity Overview | This report provides information about all the activities that take place in Snort IDS. |

The configuration details are consistent with Netsurion Open XDR 9.2 or later, and Snort 2.9 and later.