snort3搭配Promtail拋json到loki

我改用snort3搭配Promtail拋json到loki就成功了

Promtail跟snort3都安裝在kali-linux上

snort3的安裝跟設定方式略過，參考snort3 alloy loki 那一篇

安裝promtail跟設定

CVE-2026-31431的修補方式

 POC驗證腳本，這是本地權限提升 (LPE)漏洞，修改記憶體內容，達成越權

這個用snort3這種網路型的IDS沒用，要用HIDS或EDR才偵測的到

https://github.com/theori-io/copy-fail-CVE-2026-31431

snort3 alloy loki grafana 傳遞alert_json

測試完成重寫，alloy好像有比較快，還是錯覺

看來看去Promtail跟alloy真的很像，所以就測試成功了

用snort3搭配alloy拋json到loki

alloy跟snort3都安裝在kali-linux上

greenbone community edition docker 掛載容器遇到有元件無法下載的問題

 https://greenbone.github.io/docs/latest/22.4/container/index.html

原廠的安裝說明文件，說只能掛在這些系統上

Debian stable (bookworm)

Ubuntu 24.04 LTS

Fedora 35 and 36

CentOS 9 Stream

所以我就在windows上，蓋WSL2，在蓋上Ubuntu24.4測試

SecureClaw

專案網址在這裡，有玩龍蝦的人應該知道是什麼

 https://github.com/adversa-ai/secureclaw

SecureClaw is a 360-degree security plugin and skills that audits your OpenClaw installation for misconfigurations and known vulnerabilities, applies automated hardening fixes, and gives your agent behavioral security rules that protect against prompt injection, credential theft, supply chain attacks, and privacy leaks.