Stamus Networks is proud to announce the availability of the first technology preview of Amsterdam.
- Suricata: latest version of the IDS/NSM engine
- Elasticsearch: the powerful search engine
- Logstash: the data pipeline application injecting Suricata events into the database
- Kibana: Version 4 of the famous dashboard interface
- Scirius: Stamus Networks' Suricata ruleset management interface
Using Amsterdam is really simple. Once installed, you need to set up a directory that will contain data and configuration. For example, to create and use a directory named ams-wlan0 and sniff the wlan0 interface on the host, one can run once:
amsterdam -d ams-wlan0 -i wlan0 setup
You can then start Amsterdam by running:
amsterdam -d ams-wlan0 start
Once all containers are built and started, you can point your browser to http://localhost:8000 to get access to the management interface.
It is possible to run multiple instances of Amsterdam on the same system by using different data directories. Each data directory contains the configuration files of the components so you can easily tune your installation.
More information and the source code are available on GitHub.