New version of SAM Released
Posted by Sam
There's a new version of SAM (Snort Alert Monitor) up at SAM's project site. The new release adds authentication, a country heat map and country-coded IP addresses. Check it out at the project site and let me know what features you'd like to see in the SAM forums.
Tags: sam
Snort Alert Monitor 0.4.0 Released
Posted by Sam
SAM 0.4.0 has been released. Here's a highlight of features available in this release:
- Fixed a copy and paste bug where the dashboard only showed stats for the last 5 minutes instead of the last hour as was intended.
- Dashboard now updates automatically.
- And more...
Originally I had a few additional features scheduled for this release. However, having the dashboard refresh automatically seemed like something most people would find useful right away, and it was the main reason the original version of SAM was written in the first place. Since I had it in place, I decided to move the much less critical features to another release and get this one out the door.
Speaking of features, I've been able to crank through things much faster than on the previous version. This is largely thanks to a LOT of great jQuery plugins and the fact that I switched from Java/Swing development to Ruby on Rails. If you've got ideas for things you'd like to see, please let me know. Most of what's going into SAM right now is stuff that interests me. I can't promise I'll implement everything, and a lot of it is probably better done as plugins, but if it makes sense I'll put it on the roadmap. And if it doesn't make sense but sounds like fun to me, I might create a stand-alone app that uses the API. So, give me your ideas!
Tags: sam
SAM API Examples
Posted by Sam
Since the SAM 0.3.0 release has fresh API support baked in, I thought I should put up some examples so that somebody besides me could use it. Here's a taste of what it looks like to use the API to get the Threat Index.
require 'rubygems'
require 'active_resource'
# hours.ago and strftime on the result come from ActiveSupport's core extensions
require 'active_support'
require 'active_support/core_ext/numeric/time'

# Map SAM's threat index resource onto an ActiveResource model
class Threat < ActiveResource::Base
  self.site = 'http://127.0.0.1:3000/'
end

# First argument: how many hours back to look (a missing argument means 0, i.e. now)
start = ARGV[0].to_i.hours.ago.strftime('%Y-%m-%d %H:%M')
threats = Threat.find(:all,
                      :from => "/dashboard/threat_indexes.xml",
                      :params => { :start_date => start, :limit => 5 })

puts "Source\t\tThreat Index"
puts "------------------------------"
threats.each do |threat|
  puts "#{threat.formatted_source_address}\t\t#{threat.threat_index}"
end
Check out the rest of the API examples.
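As an added example (not part of the original post or the SAM project), here is the same threat-index query against the JSON variant of the 0.3.0 API using only the Ruby standard library, so it does not need ActiveResource. The endpoint path and the start_date/limit parameters follow the snippet above; the JSON field names, the response shape and the sample body are assumptions.

```ruby
require 'json'
require 'net/http'
require 'uri'

SAM_BASE = 'http://127.0.0.1:3000'  # same host as the ActiveResource example

# Build the threat_indexes request URI. start_date is formatted exactly as the
# ActiveResource snippet does (YYYY-MM-DD HH:MM), `hours_back` hours before `now`.
def threat_index_uri(hours_back, limit, now = Time.now)
  start = (now - hours_back * 3600).strftime('%Y-%m-%d %H:%M')
  uri = URI("#{SAM_BASE}/dashboard/threat_indexes.json")
  uri.query = URI.encode_www_form(:start_date => start, :limit => limit)
  uri
end

# Parse a JSON body into [source, index] pairs, highest threat index first.
# Assumption: the body is either a bare array of threat objects or a top-level
# {"threats" => [...]} wrapper; the real 0.3.0 shape is not documented in the post.
def parse_threats(body)
  data = JSON.parse(body)
  rows = data.is_a?(Hash) ? data.fetch('threats') : data
  rows.map { |t| [t['formatted_source_address'], t['threat_index'].to_f] }
      .sort_by { |_, idx| -idx }
end

# Fetch from a running SAM instance and return the parsed, sorted rows.
def fetch_threats(hours_back, limit = 5)
  parse_threats(Net::HTTP.get(threat_index_uri(hours_back, limit)))
end

# Constructed sample response for offline use (not real SAM output).
SAMPLE_BODY = '[{"formatted_source_address":"10.0.0.5","threat_index":12.5},' \
              '{"formatted_source_address":"192.168.1.20","threat_index":47.0}]'

if __FILE__ == $0
  puts "Source\t\tThreat Index"
  puts "------------------------------"
  parse_threats(SAMPLE_BODY).each { |src, idx| puts "#{src}\t\t#{idx}" }
end
```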
Tags: sam
Snort Alert Monitor 0.3.0 Released
Posted by Sam
Version 0.3.0 of Snort Alert Monitor was released today. You can download the files at the SAM project site as well as a full changelog. Here's a short update on what's changed with this release.
- iPhone web version
- Added XML and JSON API support
- Added CSV export options
Tags: sam
Snort Alert Monitor 0.2.0
Posted by Sam
Version 0.2.0 of Snort Alert Monitor was released today. You can download the files at the SAM project site as well as a full changelog. Here's a short update on what's changed with this release.
- Postgres support
- Add about page with contributions
- Show references for signatures
- User interface tweaks
Tags: sam