SNORT (IDS/IPS)

Scope Of Work:

Established a virtualized lab using VirtualBox (Oracle's Type-2 hypervisor) with two virtual machines: one running Ubuntu as the target (the honeypot, with SNORT installed) and the other running Kali Linux to generate network traffic. Ran an NMAP scan from the Kali machine against the honeypot; SNORT (IDS/IPS) detected the scan promptly, triggered the matching rule and produced the corresponding alert message.
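As an added example (not part of the original write-up), the following Python script shows the "log analytics" half of this lab: it parses lines in Snort's alert_fast format and aggregates them per source address, so that a port scan (many distinct destination ports from one host) stands out from a single legitimate connection that also trips a broad rule such as a plain SYN-flag rule. The alert lines, addresses, rule SIDs and messages below are constructed for the demo, not taken from the lab.

```python
import re
from collections import defaultdict

# Shape of a Snort "alert_fast" line (Snort 2.x style). The Classification
# bracket is optional because rules without a classtype omit it, and ICMP
# alerts carry no port numbers.
FAST_LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts: one host probing eight ports plus an ICMP echo,
# one host opening a single SSH connection, and one junk line to be skipped.
SAMPLE_ALERTS = """\
01/15-10:22:31.100001  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:21
01/15-10:22:31.100120  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:22
01/15-10:22:31.100240  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:23
01/15-10:22:31.100360  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:25
01/15-10:22:31.100480  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:80
01/15-10:22:31.100600  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:110
01/15-10:22:31.100720  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:143
01/15-10:22:31.100840  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.101:40001 -> 192.168.56.102:443
01/15-10:22:31.101000  [**] [1:1000002:1] LAB ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.56.101 -> 192.168.56.102
01/15-10:25:02.000000  [**] [1:1000001:1] LAB NMAP SYN scan [**] [Priority: 2] {TCP} 192.168.56.103:51234 -> 192.168.56.102:22
this line is not an alert and must be skipped
""".splitlines()


def parse_fast_line(line):
    """Return a dict of fields for one alert_fast line, or None if it does not match."""
    m = FAST_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        d[key] = int(d[key])
    d["sport"] = int(d["sport"]) if d["sport"] else None
    d["dport"] = int(d["dport"]) if d["dport"] else None
    return d


def summarize_alerts(lines):
    """Group alerts by source: alert count, distinct destination ports, rule SIDs."""
    summary = defaultdict(lambda: {"alert_count": 0, "dst_ports": set(), "sids": set()})
    for line in lines:
        alert = parse_fast_line(line)
        if alert is None:
            continue  # tolerate non-alert lines instead of aborting the whole run
        entry = summary[alert["src"]]
        entry["alert_count"] += 1
        entry["sids"].add(alert["sid"])
        if alert["dport"] is not None:
            entry["dst_ports"].add(alert["dport"])
    return dict(summary)


def flag_port_scanners(summary, min_ports=5):
    """Sources that touched at least min_ports distinct destination ports look like a scan."""
    return sorted(src for src, e in summary.items() if len(e["dst_ports"]) >= min_ports)


if __name__ == "__main__":
    result = summarize_alerts(SAMPLE_ALERTS)
    for src, e in sorted(result.items()):
        print(f"{src}: {e['alert_count']} alerts, {len(e['dst_ports'])} distinct ports, sids={sorted(e['sids'])}")
    print("likely scanners:", flag_port_scanners(result))
```

The point of the aggregation is that a broad rule fires once per packet, so the single SSH connection from 192.168.56.103 produces the same alert text as each probe from 192.168.56.101; counting distinct destination ports per source is what separates the scan from normal traffic. The threshold (`min_ports`) is a tuning knob for the environment, not a fixed value.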

Tools:

  • Oracle VM VirtualBox

  • OS1: Kali Linux

  • OS2: Ubuntu

  • NMAP

  • SNORT (IDS/IPS)

  • SNORPY (Snort Rule Creator)


Lessons Learned:

  • Log Analytics

  • Virtualization (HoneyPot)

  • Intrusion Detection System (IDS)

  • Network Scanning


Challenges:

The main hiccup I faced was getting Snort set up, but once that hurdle was cleared, it was smooth sailing. I just had the two devices communicate and captured the traffic.


Resources:


Images:

