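#!/usr/bin/env bash
# SNORT WORKSHOP — install Snort 2.9.x on Ubuntu, test a trimmed config, and
# run a handful of custom rules on the console.
#
# These are step-by-step workshop notes, not a one-shot installer: a few steps
# (backing up snort.conf, creating test_snort.conf) are done by hand, so run
# the commands one at a time rather than executing the file end to end.
#
# References:
#   Install and configure rules:
#     https://upcloud.com/community/tutorials/install-snort-ubuntu/
#   Usage walkthrough:
#     https://www.cloudsavvyit.com/6424/how-to-use-the-snort-intrusion-detection-system-on-linux/

# Interface Snort sniffs on. The name is host-specific (the workshop VM used
# enp0s3); override with IFACE=... in the environment.
IFACE="${IFACE:-enp0s3}"
# Trimmed config used for the exercises (see "Config" below).
TEST_CONF="/etc/snort/test_snort.conf"

# --- Installation ------------------------------------------------------------
# Source tarball. Verify it against the hash published on the snort.org
# download page before building — a tampered IDS build is worse than none.
wget https://snort.org/downloads/snort/snort-2.9.16.1.tar.gz

# Remove any distro-packaged Snort so it does not collide with the source
# build. (The original note read `sudo -apt-get ...`, which sudo rejects as an
# unknown option.)
sudo apt-get remove --auto-remove snort

# --- Network setup -----------------------------------------------------------
# Find the interface name to use for IFACE above.
ip addr

# --- Config ------------------------------------------------------------------
# 1. Back up the stock /etc/snort/snort.conf.
# 2. Copy it to test_snort.conf and remove all the rule includes, then add
#    only the workshop rules listed further down.
# HOME_NET must be defined in test_snort.conf (ipvar HOME_NET ...) — every
# rule below references it, and an unset/over-broad HOME_NET silently changes
# what the rules match.

# Test the config: parse config + rules, report errors and exit without
# sniffing. Run this after every rule edit.
sudo snort -T -i "$IFACE" -c "$TEST_CONF"

# Run with alerts printed to the console; -q suppresses the banner and the
# start-up/shutdown statistics so only alerts are shown.
# Snort is started as root here to open the interface; outside a workshop
# add `-u snort -g snort` so it drops privileges once the socket is open.
sudo snort -A console -q -i "$IFACE" -c "$TEST_CONF"

# Same, but additionally write alerts/packets as ASCII text (-K ascii)
# instead of the default pcap log format.
sudo snort -A console -q -i "$IFACE" -c "$TEST_CONF" -K ascii

# --- Rules -------------------------------------------------------------------
# Snort rule syntax, NOT shell — these go into the rules file that
# test_snort.conf includes. Local rules use sid >= 1000000 so they never
# collide with upstream rule sets; bump rev: whenever a rule is edited.
#
# Rule 1: any ICMP towards HOME_NET (useful smoke test: ping the VM).
#   alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000001; rev:1; classtype:icmp-event;)
#
# Rule 2: any TCP traffic to port 21 on HOME_NET (fires on the connection
# attempt, not on a completed login).
#   alert tcp any any -> $HOME_NET 21 (msg:"FTP Connection attempt"; sid:1000002; rev:1;)
#
# Rule 3: FTP failed login — matches the server's reply, so direction is
# HOME_NET:21 -> client. The content string is server-specific (vsftpd,
# ProFTPD and others word the 530 reply differently); confirm the exact text
# with a packet capture before relying on this rule.
#   alert tcp $HOME_NET 21 -> any any (msg:"FTP Failed Login"; content:"Login or password incorrect!"; sid:1000003; rev:1;)
#
# Variants used during the workshop (Rule 1 unchanged; Rule 2 restricted to a
# single source host so only the attacker VM triggers it):
#   alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000001; rev:1; classtype:icmp-event;)
#   alert tcp 192.168.56.1 any -> $HOME_NET 21 (msg:"FTP Connection attempt"; sid:1000002; rev:1;)

# --- SNORPY (web-based Snort rule builder) -----------------------------------
#   http://snorpy.com/
#   https://github.com/chrisjd20/Snorpy
#   https://handlers.sans.org/gbruneau/snorpy_setup.htm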