Simple-IDS - Suricata & EveBox Simply
Simple-IDS is a tool to easily run Suricata and EveBox on Linux systems using Docker or Podman.
This program is considered experimental and many things may change, break, change name, change repo, etc, etc... And I might even force push!
Limitations: Simple-IDS is for running Suricata and EveBox on a single system. An upcoming tool, EveCtl will allow for more flexible deployment options including client and server deployments.
System Requirements
In order to use Simple-IDS you will need a Linux machine that has a network interface that is already seeing the traffic you want to monitor. In the simplest of scenarios, this could be the primary network interface on your Linux machine that only sees the traffic to and from that machine itself.
As for the Linux machine itself, it could be any x86_64, or Arm64 Linux machine that has a working installation of Docker or Podman, which should be just about any Linux distribution actively maintained in 2023.
You will also need root access, as that is a requirement for Suricata to get the low level access it needs to network interfaces.
Installation the Easy Way
mkdir ~/simple-ids
cd ~/simple-ids
curl -sSf https://evebox.org/simple-ids.sh | sh
Or download directly from https://evebox.org/files/simple-ids/.
Once you have the program downloaded, run it:
./simple-ids
Under the configure menu select your network interface, select "Start" from the main menu then point your browser at http://127.0.0.1:5636.
If running Simple-IDS on something like your Linux based firewall, router or server you may want to explore the menu options for enabling external access.
GitHub, Questions, etc...
For more current information, or to ask a question see the GitHub project for Simple-IDS: