It is built on Ubuntu Linux 10.04 LTS and is a fully configured, ready-to-use system, created by Phillip Bailey.
Let's now look at the two main components of Smooth-Sec: Suricata and Snorby.
Suricata
This is the IDS/IPS engine of the Open Information Security Foundation. It is open source and has special features that make Suricata a very interesting engine. It is also fully compatible with Snort and Emerging Threats rules. Among the characteristics of Suricata we highlight:
Multi-Threaded Processing. One of the most important features of Suricata, allowing several processes/threads to run simultaneously. We can then assign the number of threads per CPU/core and which threads they are. In this way it is able, among other things, to process a large number of packets simultaneously, increasing performance.
Automatic Protocol Detection. Apart from the IP, TCP, UDP and ICMP protocols, Suricata has keywords for other protocols such as FTP, HTTP, TLS and SMB. That way we can write rules regardless of the port a protocol uses, default or not, since the protocol is detected automatically.
Performance Statistics. Statistics and performance analysis. These statistics are dumped into the file /var/log/suricata/stat.log.
HTTP Log Module. Independently of alerts, Suricata dumps all HTTP requests (both from HOME_NET to EXTERNAL_NET and in the opposite direction) into the file /var/log/http.log. These requests are stored in Apache log format.
Gzip decompression by the HTTP parser.
It supports, like Snort, Unified2 output.
Supports IPv6.
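To make the "Automatic Protocol Detection" point concrete, here is an added example of the difference between a port-bound rule and one using Suricata's protocol keyword; these rules are written for this article and are not part of Smooth-Sec or its bundled rule sets. The sid values are constructed placeholders, and the legacy `http_method` modifier is used because it is accepted by both the Suricata 1.x of the Smooth-Sec era and current releases.

```text
# Port-bound rule: inspects only traffic to port 80, so HTTP served on
# any other port is never evaluated by this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE HTTP GET to port 80 (port-bound)"; flow:established,to_server; content:"GET"; depth:3; classtype:not-suspicious; sid:9000001; rev:1;)

# Protocol-keyword rule: the "http" protocol is matched by app-layer
# detection, so this fires wherever Suricata recognises HTTP, regardless
# of the destination port. http_method restricts the match to the method field.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE HTTP GET on any port (protocol keyword)"; flow:established,to_server; content:"GET"; http_method; classtype:not-suspicious; sid:9000002; rev:1;)

# Defensive use of the same feature: flag outbound HTTP that is NOT on the
# ports the policy expects. Useful for spotting proxies or tunnels that
# a port-bound rule set would simply never see.
alert http $HOME_NET any -> $EXTERNAL_NET ![80,8080] (msg:"EXAMPLE outbound HTTP on non-standard port"; flow:established,to_server; classtype:policy-violation; sid:9000003; rev:1;)
```

Place such rules in a local rules file referenced from suricata.yaml and confirm with the engine's rule-loading output that all three load; the third rule is the one that shows behaviour a Snort-style port-bound rule cannot provide.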
Snorby
Snorby is a web front-end for sensor-based IDS/IPS alert management; in the case of Smooth-Sec, the sensor engine is Suricata. Its graphical interface is very simple, with a wide and intuitive view of the alerts. In summary, with Snorby we get a quick view of the alerts generated by the different Suricata sensors through an intuitive and attractive interface.
The version of Snorby used by Smooth-Sec is 2.2.5.
Full Content on DaboWeb and Security and Networks

