Websnort Documentation

Websnort is an Open Source web service for analysing pcap files with intrusion detection systems such as snort and suricata.

It allows multiple configurations of IDS setups and rulesets to be defined for running against submitted samples. Its primary use case is for analysing short network captures from sandboxes and honeypots but can be used in any scenario where there is a need to scan pcap samples.

This guide will explain how to deploy websnort in different environments and example configurations.

Source code for websnort is hosted on GitHub. Any bug reports or feature requests can be made using GitHub’s issues system.

Features

  • Support for Suricata and Snort
  • Easy to extend support for other intrusion detection systems
  • Parallel execution of multiple configurations and rulesets
  • Simple Web API for integrating with other systems

Issues

If you encounter problems with websnort, please refer to the Troubleshooting section of the documentation.