IDS/IPS Viewer
- Ultra-lightweight Suricata dashboard -
- Backendless GUI for Suricata eve.json logs.
- Client-side parsing. No database, no indexing server.
- Designed for small infrastructures and home labs.
- Security by design: minimal attack surface, no exposed APIs.
- No SIEM overhead. Just direct log visibility.
- Clean, responsive web interface.
- Live alerts refreshed every 10 seconds.
- Top alerts ranking by frequency.
- Immediate visibility on contacted external IPs.
- List of local assets impacted by incidents.
- Automatic MITRE ATT&CK mapping from events.
- Quick pivot to external OSINT/CTI sources.
- Raw log viewer with search and filtering.
- Local MITRE database of common network attack patterns.
services:
open-eve:
image: ghcr.io/dxc-0/open-eve-dashboard:latest
container_name: open-eve-dashboard
ports:
- "8080:80"
volumes:
# - ./src/config.json:/usr/share/nginx/html/config.json:ro,Z (optional)
- /var/log/suricata/eve.json:/usr/share/nginx/html/eve.json:ro,Z
restart: unless-stopped
security_opt:
- no-new-privileges:true
Launch the container :
docker compose up -d
Copy the static files from the src directory to your Nginx web server.
sudo cp -r src/ /var/www/open-eve/
Add a server block to your Nginx config.
Ensure the Nginx user has read permissions on the log file.
Enable and Restart:
sudo ln -s /etc/nginx/sites-available/open-eve /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
⚠️ Since this dashboard exposes sensitive network logs, do not expose it directly to the internet without protection. Use authentication, restrict access by IP, use a reverse proxy with TLS.
To use external url, modify the config.json at the root of the directory.
{
"source": ""
}
This setting override the default configuration.
It is your responsibility to properly serve the eve.json file.