Suricata
Metadata
- Identifier: suricata
- Maturity: Production
Categories
- Network Intrusion Detection and Prevention System
Description
Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.
Actions
Identifier | Description | Expected Parameters Keys and Types |
---|---|---|
start_service | Starts the Suricata service. | |
stop_service | Stops the Suricata service. | |
Information
Identifier | Description | Type | Properties | Default Value |
---|---|---|---|---|
automatic_update | State of the automatic daily updates | BOOLEAN | CONFIGURATION, OPTIONAL, WITH_DEFAULT_VALUE, NON_DEDUCTIBLE, WRITABLE | False |
daily_alerts | Number of alerts for the current day | INTEGER | METRIC, READ_ONLY | |
interface | Interface on which Suricata listens | STRING | CONFIGURATION, NON_DEDUCTIBLE, MANDATORY, WRITABLE | |
total_alerts | Total number of alerts | INTEGER | METRIC, READ_ONLY | |
uptime | Time since Suricata was started | STRING | METRIC, READ_ONLY | |
version | Currently installed version | STRING | AUTO_GENERATED_AFTER_INSTALL, READ_ONLY | |
Logs
Identifier | Description | Location | Format |
---|---|---|---|
json_alerts | Regular log messages and alerts in JSON format | /var/log/suricata/eve.json | JSON |
operational_logs | Log messages describing Suricata's functioning | /var/log/suricata/suricata.log | TEXT |
text_alerts | Generated alerts in plaintext format | /var/log/suricata/fast.log | TEXT |
Tests
Identifier | Description | Type |
---|---|---|
internet_access | Checks if host has Internet access. | REQUIREMENT |
malicious_url | Requests a malicious-marked URL. | SECURITY |
present_command | Checks if Suricata's command is present. | PRESENCE |
process_running | Checks if Suricata's process is running. | OPERATIONAL |