1
00:00:00,05 --> 00:00:03,06
- [Narrator] Snort is an open source IDS,

2
00:00:03,06 --> 00:00:06,03
or intrusion detection system.

3
00:00:06,03 --> 00:00:10,02
It's one of the most widely used IDS software packages,

4
00:00:10,02 --> 00:00:15,04
both for training and for use in real-life settings.

5
00:00:15,04 --> 00:00:20,05
You can download and install Snort free of charge.

6
00:00:20,05 --> 00:00:25,03
However, there are aspects of Snort that aren't free.

7
00:00:25,03 --> 00:00:27,09
If you want the latest Snort rules

8
00:00:27,09 --> 00:00:29,05
as soon as they become available,

9
00:00:29,05 --> 00:00:33,01
a paid subscription is necessary.

10
00:00:33,01 --> 00:00:38,03
To download Snort, click on the Downloads menu option.

11
00:00:38,03 --> 00:00:43,09
You can find the latest Snort stable release right here.

12
00:00:43,09 --> 00:00:47,02
Windows and Linux versions are available.

13
00:00:47,02 --> 00:00:52,04
Under Sources, you can download the source code too.

14
00:00:52,04 --> 00:00:54,05
Snort runs in different modes,

15
00:00:54,05 --> 00:00:58,03
including Packet Sniffer, IDS,

16
00:00:58,03 --> 00:01:01,02
or IPS modes.

17
00:01:01,02 --> 00:01:06,04
IPS stands for intrusion prevention system.

18
00:01:06,04 --> 00:01:08,02
In the Packet Sniffer mode,

19
00:01:08,02 --> 00:01:12,04
Snort works passively and collects packets

20
00:01:12,04 --> 00:01:15,00
without analyzing them.

21
00:01:15,00 --> 00:01:16,06
In the IDS mode,

22
00:01:16,06 --> 00:01:20,03
Snort continues to act passively, but it also

23
00:01:20,03 --> 00:01:24,08
analyzes packets to detect suspicious activities

24
00:01:24,08 --> 00:01:27,04
and sends alerts.

25
00:01:27,04 --> 00:01:29,02
In the IPS mode,

26
00:01:29,02 --> 00:01:30,09
Snort is active.

27
00:01:30,09 --> 00:01:37,00
That is, it analyzes packets, detects suspicious activities,

28
00:01:37,00 --> 00:01:40,07
and takes action against them.

29
00:01:40,07 --> 00:01:43,04
Therefore, Snort drops packets,

30
00:01:43,04 --> 00:01:47,01
if necessary, in the IPS mode.

31
00:01:47,01 --> 00:01:53,01
Snort can store its IDS and IPS logs locally as files,

32
00:01:53,01 --> 00:01:56,02
which is not always scalable.

33
00:01:56,02 --> 00:01:59,09
The preferred way is to forward log messages

34
00:01:59,09 --> 00:02:04,01
to a dedicated log server in the cloud.

35
00:02:04,01 --> 00:02:07,05
A security information and event management, or SIEM,

36
00:02:07,05 --> 00:02:11,01
solution like Splunk can play the role

37
00:02:11,01 --> 00:02:14,07
of the centralized log server.

38
00:02:14,07 --> 00:02:19,06
Snort itself doesn't offer a visualization feature either,

39
00:02:19,06 --> 00:02:24,09
but a SIEM system, such as Splunk, can fill in the gap.

40
00:02:24,09 --> 00:02:28,03
Another option is using a highly scalable storage,

41
00:02:28,03 --> 00:02:33,07
search, and analytics solution, like Elasticsearch,

42
00:02:33,07 --> 00:02:40,01
combined with a visualization user interface, like Kibana.

43
00:02:40,01 --> 00:02:44,07
With the support of an ecosystem consisting of log servers,

44
00:02:44,07 --> 00:02:49,08
data search and analytics engines, and visualization,

45
00:02:49,08 --> 00:02:54,02
Snort remains a powerful network monitoring tool.

46
00:02:54,02 --> 00:02:56,04
Many organizations adopt Snort

47
00:02:56,04 --> 00:03:00,00
as their primary IDS and IPS solution.