The CIC-IDS2017 dataset includes the results of the network traffic analysis using CICFlowMeter with labeled flows based on the time stamp, source, and destination IPs, source and destination ports, protocols and attack (CSV file)
CICFlowMeter extracted more than 80 network flow features.
Can Suricata generate this data?
As far as I know the answer is no, Suricata does not extract all of the listed fields above. I assume you want them for ML models?
Yes, I need this data to create a model that feeds the real data to the machine learning model. CICFlowMeter (github) seems to only analyze the pcap file, and it cannot monitor online traffic.
Do you have a solution?
So Suricata produces some of the fields listed above, or fields that are related to them, so if you are doing your own ML feature engineering and creating your own model, maybe not all the fields listed in the CIC-IDS dataset are significant for accurate classification.
Your other option is to list those significant fields and open a ticket so that they might be implemented in future releases.
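As an added illustration of the feature-engineering approach suggested above (this is example code, not from Suricata or CICFlowMeter), the script below reads Suricata EVE JSON lines, keeps only `event_type: "flow"` records, and derives a handful of CICFlowMeter-style features (flow duration in microseconds, forward/backward packet and byte counts, mean packet sizes, flow bytes/s and packets/s) from the counters Suricata does emit (`flow.pkts_toserver`, `flow.pkts_toclient`, `flow.bytes_toserver`, `flow.bytes_toclient`, `flow.start`, `flow.end`). The sample EVE lines are constructed, and mapping Suricata's toserver/toclient to CICFlowMeter's Fwd/Bwd is an assumption made here (CICFlowMeter defines direction by the first packet seen, which usually coincides with Suricata's flow initiator). Zero-duration flows get a rate of 0.0 instead of a division error.

```python
import csv
import io
import json
from datetime import datetime

# Constructed sample EVE records for this example; the field names follow
# Suricata's EVE "flow" event schema, but the values are made up.
SAMPLE_EVE = """\
{"timestamp":"2017-07-07T10:00:02.500000+0000","flow_id":1,"event_type":"flow","src_ip":"192.168.10.5","src_port":49152,"dest_ip":"192.168.10.50","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":8,"bytes_toserver":1200,"bytes_toclient":5400,"start":"2017-07-07T10:00:00.000000+0000","end":"2017-07-07T10:00:02.500000+0000","age":2,"state":"closed","reason":"timeout","alerted":false}}
{"timestamp":"2017-07-07T10:00:05.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.1","dest_ip":"10.0.0.2","proto":"TCP"}
{"timestamp":"2017-07-07T10:00:05.000000+0000","flow_id":3,"event_type":"flow","src_ip":"192.168.10.8","src_port":5353,"dest_ip":"224.0.0.251","dest_port":5353,"proto":"UDP","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2017-07-07T10:00:05.000000+0000","end":"2017-07-07T10:00:05.000000+0000","age":0,"state":"new","reason":"timeout","alerted":false}}
"""

EVE_TS = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout

FEATURE_NAMES = [
    "src_ip", "src_port", "dst_ip", "dst_port", "protocol",
    "flow_duration_us", "total_fwd_packets", "total_bwd_packets",
    "total_fwd_bytes", "total_bwd_bytes",
    "fwd_packet_mean_size", "bwd_packet_mean_size",
    "flow_bytes_per_s", "flow_packets_per_s",
]


def flow_features(event):
    """Derive CICFlowMeter-like features from one EVE flow event (assumption:
    toserver == forward direction, toclient == backward direction)."""
    f = event["flow"]
    start = datetime.strptime(f["start"], EVE_TS)
    end = datetime.strptime(f["end"], EVE_TS)
    duration_us = int((end - start).total_seconds() * 1_000_000)
    fwd_pkts, bwd_pkts = f["pkts_toserver"], f["pkts_toclient"]
    fwd_bytes, bwd_bytes = f["bytes_toserver"], f["bytes_toclient"]
    total_pkts = fwd_pkts + bwd_pkts
    total_bytes = fwd_bytes + bwd_bytes
    secs = duration_us / 1_000_000
    # Rates are undefined for single-packet (zero-duration) flows: emit 0.0
    # rather than raising ZeroDivisionError and losing the record.
    bytes_per_s = total_bytes / secs if secs > 0 else 0.0
    pkts_per_s = total_pkts / secs if secs > 0 else 0.0
    return {
        "src_ip": event["src_ip"], "src_port": event.get("src_port", 0),
        "dst_ip": event["dest_ip"], "dst_port": event.get("dest_port", 0),
        "protocol": event["proto"],
        "flow_duration_us": duration_us,
        "total_fwd_packets": fwd_pkts, "total_bwd_packets": bwd_pkts,
        "total_fwd_bytes": fwd_bytes, "total_bwd_bytes": bwd_bytes,
        "fwd_packet_mean_size": fwd_bytes / fwd_pkts if fwd_pkts else 0.0,
        "bwd_packet_mean_size": bwd_bytes / bwd_pkts if bwd_pkts else 0.0,
        "flow_bytes_per_s": bytes_per_s,
        "flow_packets_per_s": pkts_per_s,
    }


def eve_to_rows(eve_text):
    """Parse newline-delimited EVE JSON, keeping only flow events."""
    rows = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a truncated line (e.g. log rotated mid-write)
        if event.get("event_type") != "flow":
            continue  # alerts, dns, http, ... are not flow summaries
        rows.append(flow_features(event))
    return rows


def rows_to_csv(rows):
    """Serialise feature rows to CSV text in CIC-IDS-style column order."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FEATURE_NAMES)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # With a live Suricata, tail eve.json and feed each line through the same path.
    print(rows_to_csv(eve_to_rows(SAMPLE_EVE)))
```

Because Suricata writes one flow record when the flow ends or times out, pointing this at a live `eve.json` gives the online feature stream the thread asks about, at the cost of only having the features Suricata already counts (no per-packet inter-arrival or flag statistics unless you add them from the packet path yourself).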
Where can I see a list of suricata output fields?