Categorizing rules related to usecases

famina · September 24, 2024, 10:18am

I have few usecases for monitoring Suricata in wazuh.

To create custom rules for this usecases, which all parameters i can take?
Which will be the common tag?

Jeff_Lucovsky · October 21, 2024, 11:55am

Since this question concerns wazuh, I suggest looking at Community | Wazuh and engaging there.

Suricata rules have “classifications” that might help – these are a rule’s classtype value. See 8.2. Meta Keywords — Suricata 8.0.0-dev documentation

Topic		Replies	Views
How the alerts are logged Rules	3	2958	January 30, 2021
Use case of elk using suricata Rules community , rules , suricata	1	142	July 31, 2024
Suricata alert severity levels and how to verify that the maximum level that can be triggered by a test custom rule Help	5	8322	June 13, 2021
Which rules to use?	16	6984	January 25, 2023
Alert based on custom http header with suricata rule Rules aws-network-firewall	3	1003	June 26, 2023