Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Suricata

From Aanval Wiki

Suricata is an open-source intrusion detection system (IDS) developed by the Open Information Security Foundation (OISF). A beta version was released in December 2009, and the first stable release followed in July 2010.

It is a multi-threaded IDS that writes its alerts in the Unified2 binary format, and it works with the Snort (Sourcefire) and Emerging Threats rule sets. It has been a popular IDS choice among Aanval users.

Using Suricata with Aanval

Because Suricata writes events to Unified2 spool files rather than directly to a database, users will need Barnyard2 to read the Unified2 records and write them into the Snort or MySQL database that Aanval reads.

  1. To connect Suricata sensors to Aanval, first visit Snort Settings to configure the Snort or MySQL database to which Barnyard2 is writing the Suricata data.
    (See How do I create a database? for instructions on creating a database.)
  2. Once the database is configured, visit Sensor Configuration to configure the active Suricata sensors on that database.
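To show what Barnyard2 is actually decoding before any row reaches the Snort-schema database, here is an added example (not Aanval, Suricata or Barnyard2 code): a small Python reader for the Unified2 record stream that Suricata's unified2-alert output writes. It walks the record headers, decodes IDS event records (IPv4/IPv6, with and without the VLAN tail) and packet records, skips record types it does not know by length, and stops cleanly at a partially written record at the end of the file. The sample spool bytes, the signature IDs 1000001 and 1000002 (chosen from the local-rule range) and the addresses are all constructed here for the demonstration.

```python
"""Minimal Unified2 reader for the binary alert format Suricata writes and
Barnyard2 parses into the Snort-schema MySQL database.
Added example; not Aanval, Suricata or Barnyard2 code."""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterator, Optional, Tuple, Union

# Record type identifiers from Snort's Unified2 definition
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7             # IPv4 event, legacy 52-byte layout
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104      # IPv4 event with MPLS label and VLAN id appended
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
EVENT_TYPES = (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_IPV6,
               UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN)
VLAN_TYPES = (UNIFIED2_IDS_EVENT_VLAN, UNIFIED2_IDS_EVENT_IPV6_VLAN)
IPV6_TYPES = (UNIFIED2_IDS_EVENT_IPV6, UNIFIED2_IDS_EVENT_IPV6_VLAN)

RECORD_HEADER = struct.Struct("!II")      # type, length (all fields big-endian)
EVENT_PREFIX = struct.Struct("!9I")       # sensor, event, sec, usec, sid, gid, rev, class, priority
EVENT_SUFFIX = struct.Struct("!HHBBBB")   # sport/itype, dport/icode, proto, impact_flag, impact, blocked
VLAN_TAIL = struct.Struct("!IHH")         # mpls_label, vlan_id, pad
PACKET_HEADER = struct.Struct("!7I")      # sensor, event, event_sec, pkt_sec, pkt_usec, linktype, pkt_len


@dataclass
class Event:
    sensor_id: int
    event_id: int
    event_second: int
    event_microsecond: int
    signature_id: int
    generator_id: int
    signature_revision: int
    classification_id: int
    priority_id: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int
    vlan_id: Optional[int] = None


@dataclass
class Packet:
    sensor_id: int
    event_id: int
    event_second: int
    linktype: int
    data: bytes


def _parse_event(rtype: int, body: bytes) -> Event:
    ipv6 = rtype in IPV6_TYPES
    addr_len = 16 if ipv6 else 4
    fields = EVENT_PREFIX.unpack_from(body, 0)
    off = EVENT_PREFIX.size
    src, dst = body[off:off + addr_len], body[off + addr_len:off + 2 * addr_len]
    off += 2 * addr_len
    sport, dport, proto, _flag, _impact, _blocked = EVENT_SUFFIX.unpack_from(body, off)
    off += EVENT_SUFFIX.size
    vlan = None
    if rtype in VLAN_TYPES:
        _mpls, vlan, _pad = VLAN_TAIL.unpack_from(body, off)
    family = socket.AF_INET6 if ipv6 else socket.AF_INET
    return Event(*fields, socket.inet_ntop(family, src), socket.inet_ntop(family, dst),
                 sport, dport, proto, vlan)


def iter_records(data: bytes) -> Iterator[Union[Event, Packet]]:
    """Walk a Unified2 spool file. A truncated trailing record (Suricata is still
    writing it) is left for the next pass instead of raising, as a spool tailer would."""
    off = 0
    while off + RECORD_HEADER.size <= len(data):
        rtype, length = RECORD_HEADER.unpack_from(data, off)
        off += RECORD_HEADER.size
        if off + length > len(data):
            break  # partial record at end of file
        body = data[off:off + length]
        off += length
        if rtype in EVENT_TYPES:
            yield _parse_event(rtype, body)
        elif rtype == UNIFIED2_PACKET:
            sensor, event, ev_sec, _ps, _pus, linktype, pkt_len = PACKET_HEADER.unpack_from(body, 0)
            yield Packet(sensor, event, ev_sec, linktype,
                         body[PACKET_HEADER.size:PACKET_HEADER.size + pkt_len])
        # any other record type (extra data, MPLS variants) is skipped by its length


def count_by_signature(data: bytes) -> Dict[Tuple[int, int], int]:
    """Per-(generator, signature) alert counts, the kind of rollup a console shows."""
    counts: Dict[Tuple[int, int], int] = {}
    for rec in iter_records(data):
        if isinstance(rec, Event):
            key = (rec.generator_id, rec.signature_id)
            counts[key] = counts.get(key, 0) + 1
    return counts


# --- constructed sample input (encoders exist only to build it) -------------
def build_event_record(sid: int, src: str, dst: str, sport: int, dport: int,
                       event_id: int, vlan: Optional[int] = None) -> bytes:
    body = EVENT_PREFIX.pack(1, event_id, 1279000000, 0, sid, 1, 1, 0, 2)
    body += socket.inet_aton(src) + socket.inet_aton(dst)
    body += EVENT_SUFFIX.pack(sport, dport, 6, 0, 0, 0)
    rtype = UNIFIED2_IDS_EVENT
    if vlan is not None:
        body += VLAN_TAIL.pack(0, vlan, 0)
        rtype = UNIFIED2_IDS_EVENT_VLAN
    return RECORD_HEADER.pack(rtype, len(body)) + body


def build_packet_record(event_id: int, payload: bytes) -> bytes:
    body = PACKET_HEADER.pack(1, event_id, 1279000000, 1279000000, 0, 1, len(payload)) + payload
    return RECORD_HEADER.pack(UNIFIED2_PACKET, len(body)) + body


SAMPLE_SPOOL = (  # constructed: two alerts for one local-range sid, one for another, plus a cut-off record
    build_event_record(1000001, "10.0.0.5", "192.168.1.20", 40000, 22, event_id=1)
    + build_packet_record(1, b"\x00" * 14 + b"E" * 20)
    + build_event_record(1000001, "10.0.0.5", "192.168.1.20", 40001, 22, event_id=2, vlan=100)
    + build_event_record(1000002, "10.0.0.9", "192.168.1.20", 40002, 80, event_id=3)
    + RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, 52) + b"\x00" * 10
)

if __name__ == "__main__":
    for rec in iter_records(SAMPLE_SPOOL):
        print(rec)
    print(count_by_signature(SAMPLE_SPOOL))
```

Barnyard2 performs the same walk over the spool directory, which is why it is started with the spool directory (`-d`), the base filename Suricata writes (`-f`) and a waldo bookmark file (`-w`): the bookmark records the last file and offset inserted, so a restart resumes there instead of re-inserting every alert into the database. Note also that the unified2-alert output was removed in Suricata 5.0, so this Barnyard2 path requires a Suricata 4.x or earlier sensor.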

External Links