Any help appreciated on where I am being dumb here? Trying to configure a custom IDS rule in Suricata using a Dataset (which is an .lst file of base6 ...
I have a problem connecting Suricata with Telegraf, using a unix_stream socket: Suricata config: Telegraf config: Error displayed in Suricata co ...
I am running proxmox on my server machine. I have attached a bridge adapter to it and 2 containers (A and B) are installed on proxmox. I have also in ...
I'm using pkill to send USR2 signal to suricata by python subprocess as below: the result is: exit_status = -12 When I executed on terminal: th ...
I'm looking into implementing AWS Network Firewall with Suricata IPS rules, and find it really hard to find real examples and ideas of what is relevan ...
I am working on AWS Network Firewall with Suricata rule to filter specific source IP address to different destination by FQDN, mainly for HTTP and HTT ...
I redirected all the logs (Suricata logs here) to Logstash using rsyslog. I used a template for rsyslog as below: for every incoming message, rsyslog ...
Goal: I want to compare two Suricata rule files and comment out the same lines (alert "SIDs") from file1 in file2 unless they are already commented out. I und ...
I was looking into Suricata and I could not understand something about the configuration file. As in the documentation, we need to add our rule file to the ...
Any regex wizards able to help? I'm trying to get the regex to parse the Suricata fast log. So far I found an old post that kind of works here but wou ...
I need some help; I'm still new to Suricata. I'm learning, and my Splunk event shows there's an automated SQLi attack. This is the rule I wrote; it seems it ...
I'm new to DPDK, and I'm installing a DPDK version of Suricata on the server. When I run suricata --list-dpdkports, it shows What does EAL: No avai ...
I am currently underway with my Senior Capstone project, in which I am to write a somewhat basic program which allows a custom interface on my iPhone6 ...
In Suricata 6.0.0 beta 1, I noticed that the url_decode rule keyword was added. And why is url_decode supported as a transformation while base64_decode impl ...
I have installed DPDK-19.11.1 LTS successfully as follows: And the NIC I have bound as follows: If I run an example (dpdk/dpdk-stable-19.11.3/ex ...
I'm trying to get Suricata to alert on a pcap in the fast.log file instead of a network interface, as it says it does in the documentation, but I can't ...
I use docker-compose to start EveBox, but I cannot connect to it on localhost:5636. A part of my docker-compose file: I cannot connect to EveBox on loc ...
After installing and configuring Suricata 5.0.2 according to the document https://suricata.readthedocs.io/, I tried to change some configuration in suricata.yaml b ...
I discovered Filebeat a couple days ago. I have it sending data to Kafka directly if I hard code the topic name in filebeat.yml. But I can't seem to f ...
I run a small business network with around a 500 Mbit Internet connection and want to introduce a NIPS (network intrusion prevention system). I have i ...