Suricata IDS
The Suricata IDS application normalizes Suricata IDS events so that Suricata data can be searched and analyzed in Logpoint.
Release Details
Version: 5.1.0
Release date: May 07, 2024
Supported On: Logpoint v7.4.0 or later for log source template
SHA 256: 30f66eef046bbfba570e925045a1163664ce81bab61444a749ee72b52c12104e
Download
Package Detail
Suricata IDS component:
- Normalization Package
- LP_Suricata IDS
Enhancement
Description | Issue ID | Reference ID
---|---|---
Added a Syslog Collector based Suricata log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22706 | -
Installation
To install Suricata IDS:
- Download the .pak file from the Download link above.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Past Release
Suricata IDS v5.0.0
Release Date: January 20, 2021
Supported On: Logpoint v6.6.0 and later
Download: Suricata_IDS_5.0.0.pak
SHA256: acf3dd92db7984942e39c3b7cdb71c6902554db65b75793e87fc732662298ddf
Enhancement
New signatures have been added in the LP_Wallix normalization package to support the Wallix logs.
Supported Device: Suricata IDS
Log Format
Suricata IDS
Expected Log Format: JSON
Log Sample
<174>2018-02-01T10:14:25.339602+01:00 xxxxx suricata[21297]: {"timestamp": "2018-02-01T10:14:24.959598+0100", "flow_id": xxxxxxxxxxxxxx, "in_iface": "xxxxxx", "event_type": "alert", "src_ip": "xxx.xxx.xxx.xxx", "src_port": xxxxx, "dest_ip": "xxx.xxx.xx.xx", "dest_port": xxxx, "proto": "UDP", "alert": {"action": "allowed", "gid": 1, "signature_id": xxxxxxx, "rev": 1, "signature": "ET DOS Possible SSDP Amplification Scan in Progress", "category": "Attempted Denial of Service", "severity": 2}, "app_proto": "failed", "flow": {"pkts_toserver": 2, "pkts_toclient": 0, "bytes_toserver": 272, "bytes_toclient": 0, "start": "2018-02-01T10:14:23.958122+0100"}, "payload": "TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHNzZHA6YWxsDQoNCg==", "stream": 0}
To export data to Logpoint, use the Syslog collector on port 514 of the Logpoint server.
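As an added example (not part of the Logpoint package or its normalization signatures), a small Python parser that splits the syslog wrapper shown in the log sample from the EVE JSON body, lifts the alert fields a normalizer keys on, and decodes the base64 payload. The sample line's hostname, addresses, ports, flow_id and signature_id are constructed placeholders; the payload string is the one from the log sample above.

```python
import base64
import json
import re

# Wrapper shape seen in the sample: <PRI>ISO-timestamp host suricata[pid]: {EVE JSON}
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+) (?P<host>\S+) "
    r"suricata\[(?P<pid>\d+)\]: (?P<body>\{.*\})$"
)

# Constructed sample line: host, addresses, ports, flow_id and signature_id are
# placeholders; the base64 payload is the one from the page's log sample.
SAMPLE_LINE = (
    '<174>2018-02-01T10:14:25.339602+01:00 sensor01 suricata[21297]: '
    '{"timestamp": "2018-02-01T10:14:24.959598+0100", "flow_id": 1234567890123456, '
    '"in_iface": "eth1", "event_type": "alert", "src_ip": "192.0.2.10", "src_port": 40123, '
    '"dest_ip": "239.255.255.250", "dest_port": 1900, "proto": "UDP", "alert": {"action": "allowed", '
    '"gid": 1, "signature_id": 1000001, "rev": 1, "signature": "ET DOS Possible SSDP Amplification Scan in Progress", '
    '"category": "Attempted Denial of Service", "severity": 2}, "app_proto": "failed", '
    '"flow": {"pkts_toserver": 2, "pkts_toclient": 0, "bytes_toserver": 272, '
    '"bytes_toclient": 0, "start": "2018-02-01T10:14:23.958122+0100"}, '
    '"payload": "TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNz'
    'ZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHNzZHA6YWxsDQoNCg==", "stream": 0}'
)


def parse_eve_syslog(line: str) -> dict:
    """Split the syslog wrapper from the EVE body and flatten the fields a normalizer keys on."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog-wrapped Suricata EVE line")
    pri = int(m.group("pri"))
    eve = json.loads(m.group("body"))  # the body is plain JSON once the wrapper is stripped
    event = {
        "syslog_facility": pri >> 3,  # <174> -> 21 (local5)
        "syslog_severity": pri & 7,   # <174> -> 6 (informational)
        "host": m.group("host"),
        "event_type": eve.get("event_type"), "proto": eve.get("proto"),
        "src_ip": eve.get("src_ip"), "src_port": eve.get("src_port"),
        "dest_ip": eve.get("dest_ip"), "dest_port": eve.get("dest_port"),
    }
    if event["event_type"] == "alert":
        # Alert details are nested under "alert"; lift the ones used for triage.
        alert = eve.get("alert", {})
        for key in ("action", "signature_id", "signature", "category", "severity"):
            event["alert_" + key] = alert.get(key)
    if "payload" in eve:
        # EVE "payload" is base64 of the raw packet bytes; decode for inspection.
        event["payload_text"] = base64.b64decode(eve["payload"]).decode("utf-8", "replace")
    return event
```

Run against the constructed line, the decoded payload is the SSDP M-SEARCH request the "ET DOS Possible SSDP Amplification Scan in Progress" signature fired on.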
Support
If you have any questions or require assistance, create a support ticket.