EveBox

EveBox is a Suricata alert and event management tool for the Suricata IDS/NSM Engine.

It can be used against your existing ELK stack, or as a standalone Suricata event manager using its embedded SQLite database for small deployments, or Elasticsearch/Opensearch for larger deployments.

Screenshots​

Downloads​

First, are you looking for a really simple way to get started? If so here are a couple of options:

• Simple IDS: My menu driven CLI tool that wraps up Suricata, EveBox and other tools for rule management. Note that this uses containers under the hood, but its simple.

• SELKS: A turn-key, open source Suricata solution by Stamus Networks that includes EveBox (No, I don't work there, I'm just happy they include EveBox).

Otherwise if you are more into DIY and want to run/manage Suricata and EveBox on your own, here are the options for downloading Evebox: