When Dustin developed and launched Snorby in 2009, he had a vision of creating an application that made the process of analyzing and classifying events as accessible and simple as possible for analysts. While this helped make NSM accessible to more people, the process of actually deploying the sensor infrastructure remains cumbersome.
If you search for “Snorby Tutorial” on Google, you’ll find Corelan’s Snorby Cheat Sheet for setting up Suricata. It’s a great, comprehensive tutorial, but it’s over 2800 words and 15 printed pages. It shouldn’t take this many steps and hours for someone to get a competent network security monitoring infrastructure set up.
With Snorby Cloud, one of our main goals was to solve this problem. In our private beta it is now possible to sign up, log in, spin up a Snorby box, and set up network sensors in less than 5 minutes without any additional instruction. This is possible thanks to Jen Andre’s new sensor installation script. Here is how it works:
When you add a sensor through the UI, you can choose to download a file with everything you need.
From here you can execute a single command on the target Linux or OS X computer to complete the sensor installation. You don’t need to manually SCP files across, muck with file permissions, or build any software.
Once the command is executed, the rest of the installation is guided for your specific OS in the terminal and takes less than 60 seconds to complete.
That’s it! After this step is completed, the sensor will be correctly set up and securely communicating with the Snorby front-end, where you can view any reported events.
As analysts ourselves, we find a simple preconfigured sensor package that can be easily deployed to a node invaluable. We hope you think so too! If you are curious to try this out for yourself before we launch, sign up at https://cloud.snorby.org!