cloudflash-snort
v0.1.1
The cloudflash snort module implements snort configuration on Unix systems.
cloudflash-snort
List of snort APIs
List snort configuration
Verb URI Description
GET /snort/config Lists a summary of the snort configurations.
Note: The request does not require a message body.
Success: Returns JSON data listing the snort configurations.
Response
[
{
"id": "545e9e78-4cf2-4787-be89-f553c0d96a57",
"config":
{
"var_section":
{
"HOME_NET": "any",
"EXTERNAL_NET": "any",
"DNS_SERVERS": "$HOME_NET",
"SMTP_SERVERS": "$HOME_NET",
"HTTP_SERVERS": "$HOME_NET",
"SQL_SERVERS": "$HOME_NET",
"TELNET_SERVERS": "$HOME_NET",
"SNMP_SERVERS": "$HOME_NET",
"HTTP_PORTS": 80,
"SHELLCODE_PORTS": "!80",
"ORACLE_PORTS": 1521,
"AIM_SERVERS": "[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]"
},
"preprocessor":
[
{
"preprocessor stream5_global": "max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no",
"preprocessor stream5_tcp": "policy first, use_static_footprint_sizes",
"preprocessor stream5_udp": "ignore_any_rules"
},
{
"preprocessor http_inspect": "global \\ iis_unicode_map unicode.map 1252"
},
{
"preprocessor http_inspect_server": "server default \\ profile all ports { 80 8080 8180 } oversize_dir_length 500"
},
{
"preprocessor rpc_decode": "111 32771",
"preprocessor": "bo"
},
{
"preprocessor sfportscan": "proto { all } \\ memcap { 10000000 } \\ sense_level { low }"
},
{
"output unified": "filename events.log,limit 1"
},
{
"config flowbits_size": 256,
"config detection": "search-method lowmem"
}
],
"include":
[
"classification.config",
"reference.config",
"generated.rules"
]
}
}
]
Configure snort
Verb URI Description
POST /snort/config Create snort configuration.
Example Request and Response
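Request JSON (example values: in a deployment, set HOME_NET to the address ranges being protected; with HOME_NET and EXTERNAL_NET both "any", rules scoped to these variables match traffic between any two addresses)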
{
"var_section": {
"HOME_NET": "any",
"EXTERNAL_NET": "any",
"DNS_SERVERS": "$HOME_NET",
"SMTP_SERVERS": "$HOME_NET",
"HTTP_SERVERS": "$HOME_NET",
"SQL_SERVERS": "$HOME_NET",
"TELNET_SERVERS": "$HOME_NET",
"SNMP_SERVERS": "$HOME_NET",
"HTTP_PORTS": 80,
"SHELLCODE_PORTS": "!80",
"ORACLE_PORTS": 1521,
"AIM_SERVERS": "[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]"
},
"preprocessor": [
{
"preprocessor stream5_global": "max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no",
"preprocessor stream5_tcp": "policy first, use_static_footprint_sizes",
"preprocessor stream5_udp": "ignore_any_rules"
},
{
"preprocessor http_inspect": "global \\ iis_unicode_map unicode.map 1252"
},
{
"preprocessor http_inspect_server": "server default \\ profile all ports { 80 8080 8180 } oversize_dir_length 500"
},
{
"preprocessor rpc_decode": "111 32771",
"preprocessor": "bo"
},
{
"preprocessor sfportscan": "proto { all } \\ memcap { 10000000 } \\ sense_level { low }"
},
{
"output unified": "filename events.log,limit 1"
},
{
"config flowbits_size": 256,
"config detection": "search-method lowmem"
}
],
"include": [
"classification.config",
"reference.config",
"generated.rules"
]
}
Response JSON
{
"id": "545e9e78-4cf2-4787-be89-f553c0d96a57",
"config":
{
"var_section":
{
"HOME_NET": "any",
"EXTERNAL_NET": "any",
"DNS_SERVERS": "$HOME_NET",
"SMTP_SERVERS": "$HOME_NET",
"HTTP_SERVERS": "$HOME_NET",
"SQL_SERVERS": "$HOME_NET",
"TELNET_SERVERS": "$HOME_NET",
"SNMP_SERVERS": "$HOME_NET",
"HTTP_PORTS": 80,
"SHELLCODE_PORTS": "!80",
"ORACLE_PORTS": 1521,
"AIM_SERVERS": "[64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]"
},
"preprocessor":
[
{
"preprocessor stream5_global": "max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no",
"preprocessor stream5_tcp": "policy first, use_static_footprint_sizes",
"preprocessor stream5_udp": "ignore_any_rules"
},
{
"preprocessor http_inspect": "global \\ iis_unicode_map unicode.map 1252"
},
{
"preprocessor http_inspect_server": "server default \\ profile all ports { 80 8080 8180 } oversize_dir_length 500"
},
{
"preprocessor rpc_decode": "111 32771",
"preprocessor": "bo"
},
{
"preprocessor sfportscan": "proto { all } \\ memcap { 10000000 } \\ sense_level { low }"
},
{
"output unified": "filename events.log,limit 1"
},
{
"config flowbits_size": 256,
"config detection": "search-method lowmem"
}
],
"include":
[
"classification.config",
"reference.config",
"generated.rules"
]
}
}
Delete snort config
Verb URI Description
DELETE /snort/:id Delete a snort config.
Example Request and Response
Request Headers
DELETE /snort/7d927232-5a12-4d6e-a25f-0d823b6a2819
Response Header
Status Code : 204