Alertas suricata - explicacion e interpretacion

Arturo_Garcia · August 18, 2021, 9:03pm

Hola Cominidad, estoy analizando el trafico suricata con el stack de Elastic, y mi duda es sobre las alertas que genera suricata.
Su ayuda interpretando cada alerta y por que surgen. Gracias.

ET INFO UPnP Discovery Search Response vulnerable UPnP device 1
SURICATA HTTP unable to match response to request
ET USER_AGENTS Go HTTP Client User-Agent
SURICATA STREAM Packet with invalid timestamp
SURICATA HTTP too many warnings
SURICATA STREAM excessive retransmissions

Meerkat alerts - explanation and interpretation

Hello Cominidad, I am analyzing the suricata traffic with the Elastic stack, and my question is about the alerts that meerkat generates.
Your help in interpreting each alert and why they arise. Thanks.

ET INFO UPnP Discovery Search Response vulnerable UPnP device 1
SURICATA HTTP unable to match response to request
ET USER_AGENTS Go HTTP Client User-Agent
SURICATA STREAM Packet with invalid timestamp
SURICATA HTTP too many warnings
SURICATA STREAM excessive retransmissions

sbhardwaj · August 19, 2021, 3:49am

Hola, Arturo!
Bienvenido a nuestra forum.
Alerts son correspondientes a network tráfico y Suricata rules. Así que tendremos que ver tu network tráfico para ayudarlo.
Si estas buscando el significado de alert mensaje, encontraras eso en el web de providor de rules. e.g. ET.

Perdona mi español. Estoy aprendiendo.

Topic		Replies	Views
SURICATA HTTP unable to match response to request Rules	1	3238	November 1, 2021
Some match bypass? Rules rules	27	1960	September 17, 2021
What does "Alerts" mean in the output of suricata?	12	661	September 19, 2023
Http.log failed to log all http\s events	7	704	February 21, 2023
Suricata alert re: suspicious UDP traffic ? What should I do? Help	2	599	June 1, 2023

Alertas suricata - explicacion e interpretacion

Related topics