Suricata

Metadata

  • Identifier: suricata
  • Maturity: Production

Categories

  • Network Intrusion Detection and Prevention System

Description

Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.

Actions

Identifier    | Description                   | Expected Parameters Keys and Types
--------------|-------------------------------|-----------------------------------
start_service | Starts the Suricata service.  |
stop_service  | Stops the Suricata service.   |

Information

Identifier       | Description                          | Type    | Properties                                                                 | Default Value
-----------------|--------------------------------------|---------|----------------------------------------------------------------------------|--------------
automatic_update | State of the automatic daily updates | BOOLEAN | CONFIGURATION, OPTIONAL, WITH_DEFAULT_VALUE, NON_DEDUCTIBLE, WRITABLE      | False
daily_alerts     | Total number of alerts               | INTEGER | METRIC, READ_ONLY                                                          |
interface        | Interface on which Suricata listens  | STRING  | CONFIGURATION, NON_DEDUCTIBLE, MANDATORY, WRITABLE                         |
total_alerts     | Total number of alerts               | INTEGER | METRIC, READ_ONLY                                                          |
uptime           | Time since Suricata was started      | STRING  | METRIC, READ_ONLY                                                          |
version          | Current installed version            | STRING  | AUTO_GENERATED_AFTER_INSTALL, READ_ONLY                                    |

Logs

Identifier       | Description                                      | Location                        | Format
-----------------|--------------------------------------------------|---------------------------------|-------
json_alerts      | Regular log messages and alerts in JSON format   | /var/log/suricata/eve.json      | JSON
operational_logs | Log messages describing Suricata's functioning   | /var/log/suricata/suricata.log  | TEXT
text_alerts      | Generated alerts in plaintext format             | /var/log/suricata/fast.log      | TEXT

Tests

Identifier      | Description                                 | Type
----------------|---------------------------------------------|------------
internet_access | Checks if host has Internet access.         | REQUIREMENT
malicious_url   | Requests a malicious-marked URL.            | SECURITY
present_command | Checks if Suricata's command is present.    | PRESENCE
process_running | Checks if Suricata's process is running.    | OPERATIONAL

References