Morpheus
Administrators-
Content count
602 -
Joined
-
Last visited
-
Days Won
101
-
Version
0 downloads
================================================== WinIDS v2.5 Deployment Framework - Remote Node Install Guide Copyright © 2026 WinSnort.com | Michael Steele ================================================== OPERATIONAL OVERVIEW This toolkit provides the automated framework required for the deployment of a WinIDS Remote Node. This architecture facilitates decentralized packet inspection with centralized database logging. ARCHITECTURAL PREREQUISITES * Active Instance : A functional Standalone WinIDS Sensor is required. * Node Conversion : This process upgrades the Standalone Sensor instance to a Master Management Server role. ------------------------------------------------------------------------------- 1. PHASE I: PRE-DEPLOYMENT SPECIFICATIONS ------------------------------------------------------------------------------- * Archive Integrity : Extract all package contents to a dedicated directory. * Archive Security : w1nsn03t.c0m ------------------------------------------------------------------------------- 2. PHASE II: MASTER SERVER PROVISIONING ------------------------------------------------------------------------------- The Master Management Server must be configured to authorize inbound database traffic before remote Node initialization. Before execution, define the operational environment within 'InitializeNode.ps1' script using a standard text editor. Configure the following critical variables: $RemoteIP = "" # IP of the Remote Node (e.g., 0.0.0.0/32) # Don't forget the CIDR (/xx) at the end of the IP. Ensure all changes are saved prior to executing. 1. Execute via an Administrative PowerShell session: > powershell -ExecutionPolicy Bypass -File "InitializeNode.ps1" TECHNICAL IMPACT: This script automates Windows Firewall scoping and handles any remote database user permissions for the specified $RemoteIP. ------------------------------------------------------------------------------- 3. PHASE III: CONNECTIVITY & VALIDATION ------------------------------------------------------------------------------- Verify communication between the Remote Node and the Master Management Server. 1. From the Remote Node execute the Host2Node with the Host Servers HostIP & HostPORT: 2. Execute via Administrative PowerShell: > powershell -ExecutionPolicy Bypass -NoExit -File "Node2Host.ps1 HostIP HostPORT" MANDATORY: Connection verification is a hard requirement. Do not proceed to Phase IV if the handshake fails. ------------------------------------------------------------------------------- 4. PHASE IV: REMOTE SENSOR DEPLOYMENT ------------------------------------------------------------------------------- Configure the Auto-Installer for the Remote Node. 1. From the Remote Node define the operational environment within the 'config.conf' file using a standard text editor. Configure the following critical variables: $AllRules = "No" # Use "Yes" for diagnostic/high-latency only $TempDir = "" # Transient file directory (e.g., "D:\Temp") $WinIDSRoot = "" # System installation path (e.g., "D:\WinIDS") $Oinkcode = "" # Authorized 40-character Snort Oinkcode $RemoteHostIP = "" # Master Management Server IP $RemoteHostPort = "" # Master Management Server Database Port $SensorName = "" # Unique Identifier (e.g., "Sensor-Berlin") Ensure all changes are saved prior to executing. 2. Right-click 'Installer.exe' and select "Run as Administrator." LATENCY EXPECTATION: Standard deployment completes in ~10 minutes, subject to resource availability and network throughput. RECOVERY LOGIC: If a package acquisition fails, manually download the specified asset to your $TempDir and re-initialize the installer. The framework will auto-resume. ------------------------------------------------------------------------------- 5. PHASE V: POST-DEPLOYMENT MANAGEMENT ------------------------------------------------------------------------------- Upon successful completion, the WinIDS Management Suite will be accessible via Start Menu > WinSnort. Core utilities include: * Rules Updater : PulledPork-driven rule-set synchronization. ------------------------------------------------------------------------------- 6. PHASE VI: POST-DEPLOYMENT VERIFICATION ------------------------------------------------------------------------------- Management Server Validation: 1. Launch the WinIDS Console on the Master Management Server. 2. Monitor the "Sensors/Total" telemetry indicator. 3. A successful link displays "2/2" (or greater). Verify that "$SensorName" is actively reporting logs to the centralized dashboard. ================================================== TECHNICAL DOCUMENTATION & SUPPORT: https://winsnort.com ================================================== -
The WinIDS installation includes a Rules Updater utility (located in the WinSnort group in the Start Menu). By default, this utility performs a standard rule sync with Sourcefire and applies updates automatically. For administrators who require remote monitoring, the utility includes an optional Email Utility. When activated, it sends a status report to a designated email address, confirming whether rules were updated, already current, or if a validation error occurred. Configuration Procedure To activate and configure the email notification system, follow these steps: 1. Open the Script for Editing Navigate to your WinIDS installation directory and locate the PowerShell script: Path: \scripts\rules-update.ps1 Action: Right-click the file and select Edit (or open it with Notepad/VS Code). 2. Enable the Mail Utility Locate the User Configuration section at the top of the script. Change the $sendmail value from 0 to 1: $sendmail = 1 # Activates the email reporting feature 3. Configure SMTP Settings Input your mail server details between the quotes in the configuration block: $smtpServer: Your mail server address (e.g., smtp.gmail.com or internal relay IP). $smtpPort: Use 587 for SSL/TLS or 25 for standard internal relays. $smtpUser / $smtpPassword: Enter valid credentials if your server requires authentication. $from / $to: Enter the sender and recipient email addresses. 4. Save and Test Save the file. Open the Start Menu and navigate to the WinSnort group. Click the Rules Updater link to execute the script. Observe the console output. If successful, you will see: An Email report of the Rules update has been sent... Troubleshooting & Support Execution Policy: Ensure the script is run with Administrative privileges. Port Blocking: If using Port 25, ensure your antivirus or firewall is not blocking outbound SMTP traffic from PowerShell. Logs: Check the \pulledpork\log\ folder for detailed execution logs if an update fails. Technical Support: Issues during setup, please visit the WinSnort.com Forums under the Auto-Installer section for community-led support and troubleshooting tips.
-
If the High-Volume Logging/Testing option was enabled during the initial Auto-Installer setup, the system likely generated a significant number of events. While this setting is an excellent diagnostic tool to verify that the Windows Intrusion Detection System (WinIDS) is actively receiving data—especially in environments where default traffic might take hours to trigger an alert—it is recommended to revert to the default policy once connectivity is confirmed. Procedure to Restore Default Rule Policy Follow these steps to deactivate the testing rules and return to the standard configuration: Modify Configuration: Navigate to the Pulledpork\etc folder via File Explorer. Right-click enablesid.conf and open it with Notepad. Locate the line beginning with pcre:. Comment out the line by adding a # at the start (e.g., # pcre:.) Save and exit. Clear Temporary Files: Navigate to the Pulledpork\temp folder. Delete the two files located in this directory. Close File Explorer. Update Rule Set: Open the Start Menu and locate and open the WinSnort folder. Run the Rules Updater. This process will fetch the latest rule definitions and reconfigure Snort to the default policy setting, ensuring optimal performance and manageable log volumes.
-
Version
2 downloads
================================================== WinIDS v2.5 Deployment Framework - Standalone Sensor Install Guide Copyright © 2026 WinSnort.com | Michael Steele ================================================== OPERATIONAL OVERVIEW This package contains a specialized deployment framework for the Windows Intrusion Detection System (WinIDS). It is engineered for high-performance installations on Windows 10/11 and Windows Server (2016-2025) 64-bit. ------------------------------------------------------------------------------- 1. PHASE I: PRE-DEPLOYMENT SPECIFICATIONS ------------------------------------------------------------------------------- * Target Environment : Optimized for clean OS installations. * Archive Integrity : Extract all package contents to a dedicated directory. * Archive Security : w1nsn03t.c0m ------------------------------------------------------------------------------- 2. PHASE II: PARAMETER CONFIGURATION ------------------------------------------------------------------------------- From the Standalone Snsor define the operational environment within the 'config.conf' file using a standard text editor. Configure the following critical variables: $AllRules : Set "Yes" for comprehensive QA, or "No" for production. $TempDir : Defined directory for transient files (e.g., "D:\Temp"). $WinIDSRoot : Target installation directory (e.g., "D:\WinIDS"). $Oinkcode : Valid 40-character Snort Oinkcode (Required). Ensure all changes are saved prior to initialization. ------------------------------------------------------------------------------- 3. PHASE III: EXECUTION & INITIALIZATION ------------------------------------------------------------------------------- 1. Access the local extraction directory. 2. Right-click 'Installer.exe' and select "Run as Administrator." LATENCY EXPECTATION: Standard deployment completes in ~10 minutes on Workstation, and up to 60 minutes on Server subject to resource availability and network throughput. RECOVERY LOGIC: If a package acquisition fails, manually download the specified asset to your $TempDir and re-initialize the installer. The framework will auto-resume. CAUTION: Do not terminate the process during active system modifications. ------------------------------------------------------------------------------- 4. PHASE IV: POST-DEPLOYMENT MANAGEMENT ------------------------------------------------------------------------------- Upon successful completion, the WinIDS Management Suite will be accessible via Start Menu > WinSnort. Core utilities include: * WinIDS Console : Real-time telemetry, event monitoring, and analysis. * Rules Updater : PulledPork-driven rule-set synchronization. * Database Utility : Optimization and maintenance for database integrity. ================================================== TECHNICAL DOCUMENTATION & SUPPORT: https://winsnort.com ================================================== -
Version
0 downloads
================================================== WinIDS v2.5 Deployment Framework - Standalone Sensor Install Guide Copyright © 2026 WinSnort.com | Michael Steele ================================================== OPERATIONAL OVERVIEW This package contains a specialized deployment framework for the Windows Intrusion Detection System (WinIDS). It is engineered for high-performance installations on Windows 10/11 and Windows Server (2016-2025) 64-bit. ------------------------------------------------------------------------------- 1. PHASE I: PRE-DEPLOYMENT SPECIFICATIONS ------------------------------------------------------------------------------- * Target Environment : Optimized for clean OS installations. * Archive Integrity : Extract all package contents to a dedicated directory. * Archive Security : w1nsn03t.c0m ------------------------------------------------------------------------------- 2. PHASE II: PARAMETER CONFIGURATION ------------------------------------------------------------------------------- From the Standalone Snsor define the operational environment within the 'config.conf' file using a standard text editor. Configure the following critical variables: $AllRules : Set "Yes" for comprehensive QA, or "No" for production. $TempDir : Defined directory for transient files (e.g., "D:\Temp"). $WinIDSRoot : Target installation directory (e.g., "D:\WinIDS"). $Oinkcode : Valid 40-character Snort Oinkcode (Required). Ensure all changes are saved prior to initialization. ------------------------------------------------------------------------------- 3. PHASE III: EXECUTION & INITIALIZATION ------------------------------------------------------------------------------- 1. Access the local extraction directory. 2. Right-click 'Installer.exe' and select "Run as Administrator." LATENCY EXPECTATION: Standard deployment completes in ~10 minutes on Workstation, and up to 60 minutes on Server subject to resource availability and network throughput. RECOVERY LOGIC: If a package acquisition fails, manually download the specified asset to your $TempDir and re-initialize the installer. The framework will auto-resume. CAUTION: Do not terminate the process during active system modifications. ------------------------------------------------------------------------------- 4. PHASE IV: POST-DEPLOYMENT MANAGEMENT ------------------------------------------------------------------------------- Upon successful completion, the WinIDS Management Suite will be accessible via Start Menu > WinSnort. Core utilities include: * WinIDS Console : Real-time telemetry, event monitoring, and analysis. * Rules Updater : PulledPork-driven rule-set synchronization. * Database Utility : Optimization and maintenance for database integrity. ================================================== TECHNICAL DOCUMENTATION & SUPPORT: https://winsnort.com ================================================== -
Version
0 downloads
================================================== WinIDS v2.5 Deployment Framework - Standalone Sensor Install Guide Copyright © 2026 WinSnort.com | Michael Steele ================================================== OPERATIONAL OVERVIEW This package contains a specialized deployment framework for the Windows Intrusion Detection System (WinIDS). It is engineered for high-performance installations on Windows 10/11 and Windows Server (2016-2025) 64-bit. ------------------------------------------------------------------------------- 1. PHASE I: PRE-DEPLOYMENT SPECIFICATIONS ------------------------------------------------------------------------------- * Target Environment : Optimized for clean OS installations. * Archive Integrity : Extract all package contents to a dedicated directory. * Archive Security : w1nsn03t.c0m ------------------------------------------------------------------------------- 2. PHASE II: PARAMETER CONFIGURATION ------------------------------------------------------------------------------- From the Standalone Snsor define the operational environment within the 'config.conf' file using a standard text editor. Configure the following critical variables: $AllRules : Set "Yes" for comprehensive QA, or "No" for production. $TempDir : Defined directory for transient files (e.g., "D:\Temp"). $WinIDSRoot : Target installation directory (e.g., "D:\WinIDS"). $Oinkcode : Valid 40-character Snort Oinkcode (Required). Ensure all changes are saved prior to initialization. ------------------------------------------------------------------------------- 3. PHASE III: EXECUTION & INITIALIZATION ------------------------------------------------------------------------------- 1. Access the local extraction directory. 2. Right-click 'Installer.exe' and select "Run as Administrator." LATENCY EXPECTATION: Standard deployment completes in ~10 minutes on Workstation, and up to 60 minutes on Server subject to resource availability and network throughput. RECOVERY LOGIC: If a package acquisition fails, manually download the specified asset to your $TempDir and re-initialize the installer. The framework will auto-resume. CAUTION: Do not terminate the process during active system modifications. ------------------------------------------------------------------------------- 4. PHASE IV: POST-DEPLOYMENT MANAGEMENT ------------------------------------------------------------------------------- Upon successful completion, the WinIDS Management Suite will be accessible via Start Menu > WinSnort. Core utilities include: * WinIDS Console : Real-time telemetry, event monitoring, and analysis. * Rules Updater : PulledPork-driven rule-set synchronization. * Database Utility : Optimization and maintenance for database integrity. ================================================== TECHNICAL DOCUMENTATION & SUPPORT: https://winsnort.com ================================================== -
Version
0 downloads
================================================== WinIDS v2.5 Deployment Framework - Standalone Sensor Install Guide Copyright © 2026 WinSnort.com | Michael Steele ================================================== OPERATIONAL OVERVIEW This package contains a specialized deployment framework for the Windows Intrusion Detection System (WinIDS). It is engineered for high-performance installations on Windows 10/11 and Windows Server (2016-2025) 64-bit. ------------------------------------------------------------------------------- 1. PHASE I: PRE-DEPLOYMENT SPECIFICATIONS ------------------------------------------------------------------------------- * Target Environment : Optimized for clean OS installations. * Archive Integrity : Extract all package contents to a dedicated directory. * Archive Security : w1nsn03t.c0m ------------------------------------------------------------------------------- 2. PHASE II: PARAMETER CONFIGURATION ------------------------------------------------------------------------------- From the Standalone Snsor define the operational environment within the 'config.conf' file using a standard text editor. Configure the following critical variables: $AllRules : Set "Yes" for comprehensive QA, or "No" for production. $TempDir : Defined directory for transient files (e.g., "D:\Temp"). $WinIDSRoot : Target installation directory (e.g., "D:\WinIDS"). $Oinkcode : Valid 40-character Snort Oinkcode (Required). Ensure all changes are saved prior to initialization. ------------------------------------------------------------------------------- 3. PHASE III: EXECUTION & INITIALIZATION ------------------------------------------------------------------------------- 1. Access the local extraction directory. 2. Right-click 'Installer.exe' and select "Run as Administrator." LATENCY EXPECTATION: Standard deployment completes in ~10 minutes on Workstation, and up to 60 minutes on Server subject to resource availability and network throughput. RECOVERY LOGIC: If a package acquisition fails, manually download the specified asset to your $TempDir and re-initialize the installer. The framework will auto-resume. CAUTION: Do not terminate the process during active system modifications. ------------------------------------------------------------------------------- 4. PHASE IV: POST-DEPLOYMENT MANAGEMENT ------------------------------------------------------------------------------- Upon successful completion, the WinIDS Management Suite will be accessible via Start Menu > WinSnort. Core utilities include: * WinIDS Console : Real-time telemetry, event monitoring, and analysis. * Rules Updater : PulledPork-driven rule-set synchronization. * Database Utility : Optimization and maintenance for database integrity. ================================================== TECHNICAL DOCUMENTATION & SUPPORT: https://winsnort.com ================================================== -
Version 1.0.0
11 downloads
The Snort Cheat Sheet covers: Sniffer mode, Packet logger mode, and NIDS mode operation Snort rules format Logger mode command line options NIDS mode options Alert and rule examples -
Morpheus replied to Fongin1's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
You will need to bridge the two NIC's and in Windows 10 do it as below: Bridging Your Internet Connections on Windows 10 Step 1: Go to your Control Panel from the Start menu. Step 2: Navigate to Network Connections. Step 3: Click on the first NIC that you want to bridge. Step 4: Hold down the CTRL key while clicking on the second NIC that you want to bridge. Step 5: Right-click on one of the selected NICs and click "Bridge Connections." I have not tested the above on anything other than Windows 10. -
Morpheus replied to 7rrivera7's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
To test the MySQL database server and authentications open a CMD window with Administrator access and type d:\activators\db_tools\test_mysql-php7.php -
Morpheus replied to dhernandez000's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
The problem is that it is not finding the base.php file, or possibly the base_conf.php file? It has to find the file first before trying to execute it. Not sure if it could be the problem but make sure the config file is correctly named: base_conf.php Maybe some sort of a permission problem with the files in the base folder? Not sure how a permission problem could be the problem when the test.php file is working. You are going to have issues with WinPcap and Npcap both installed. Use either one but not both. Note: Uninstall both and then install the one you are going to use. Make sure Snort is not running when you uninstall. -
Morpheus replied to dhernandez000's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
Does this work: http://winids/base.php -
Morpheus replied to dhernandez000's topic in Manually Installing an Apache2 Web Server logging events to a MySQL Database
I'm not sur but there appears to be a formatting error with the Apache config. Try the attached one. Also try moving the test.php file to the base folder and then try http://winids/test.php httpd.conf -
Morpheus replied to 7rrivera7's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
That is not normal? -
Morpheus replied to 7rrivera7's topic in Manually Installing an IIS Web Server logging events to a MySQL Database
The only thing I can tell is that it's not allowing you to access the test.php because you don't have sufficient permissions? What happens if you remove the test.php file and try accessing it when it is missing. You should get the same error? Do you have a space in the word base? Look at your Physical Path - It appears you have a space in base -> ba se