Snort → Splunk Portscan Demo

➤ Full Lab Report • Dashboard XML • Key SPL

Snort → Splunk Portscan Demo

This home-lab demonstrates how to detect Nmap SYN scans using Snort and visualize the alerts in Splunk.
The setup includes a small but functional Splunk dashboard with panels for top sources, top destination ports, timelines, and recent alerts.

🔍 What it shows

Real-time TCP Portscan Detected (SYN burst) alerts from Snort
Parsed fields for source IP, destination IP, protocol, ports, and priority
A simple, readable Splunk dashboard for triage

📂 Repository Structure

scripts/ – helper scripts to run Snort and add Splunk monitors
splunk/ – XML export of the Splunk dashboard
queries/ – SPL queries used by the panels
docs/screenshots/ – screenshots for README and LinkedIn

⚡ How to Run (Quick Start)

Start Snort on a host-only NIC and log output:
```
sudo ./scripts/run_snort_console.sh
```

Screenshots

Dashboard overview

Panels

Over time	Top sources	Top destination ports

Last 50 alerts

Live terminals

Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
docs		docs
scripts		scripts
splunk		splunk
.gitignore		.gitignore
Numan Shaik - 2025		Numan Shaik - 2025
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Snort → Splunk Portscan Demo

🔍 What it shows

📂 Repository Structure

⚡ How to Run (Quick Start)

Screenshots

About

Uh oh!

Releases

Packages

Languages

numanshaik-security/snort-splunk-portscan-demo

Folders and files

Latest commit

History

Repository files navigation

Snort → Splunk Portscan Demo

🔍 What it shows

📂 Repository Structure

⚡ How to Run (Quick Start)

Screenshots

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages