// arsenal·Blue TeamIntermediateFOSS

Snort

The original open-source network intrusion detection system.

Blue Team

$ snort --help

Snort

// what it is

Description

Martin Roesch's IDS from 1998, now under Cisco Talos. Signature-based detection, rule language familiar to every blue-teamer, current major version Snort 3.

// use cases

What people use it for

Network IDS deployment
Signature-based detection

// commands

The commands you'll type

Run with config

$ snort -c /etc/snort/snort.conf -A console -q

// facts

category: Blue Team
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate

// links

Official site

// related in Blue Team

Blue TeamIntermediate

Suricata

OISF's multi-threaded NIDS — modern Snort-rule-compatible alternative.

FOSS

LIN·WIN·MAC

open entry →

Blue TeamIntermediate

Wazuh

Open-source XDR + SIEM platform — OSSEC fork with modern dashboards.

FOSS

LIN·WIN·MAC

open entry →

Blue TeamIntermediate

TheHive

Open-source security incident response platform — case management for the SOC.

FOSS

LIN

open entry →