I'm a newbie using Suricata.
I just want to ask: if I want to get logs from an endpoint and a server, does it work or not?
I want to integrate Suricata with Wazuh to get logs from it. Is it possible or not?
Suricata works on network traffic as data input, so either live traffic or pcaps. Suricata itself produces logs but does not consume logs. This is something done in post processing or backends.
What if I use Suricata as an IDS and integrate it with Wazuh to get logs from Suricata? Is it working or not, sir?
It should be possible (one proof of concept): Network IDS integration - Proof of Concept guide · Wazuh documentation
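To make the direction of data flow concrete: Suricata writes its alerts as EVE JSON lines, and the Wazuh agent only has to tail that file. The snippet below is an added example, not taken from the thread or from the Wazuh guide, and it assumes Suricata's default EVE output path /var/log/suricata/eve.json and that the block is placed inside the `<ossec_config>` element of the agent's ossec.conf.

```xml
<!-- Added example (assumed paths): Wazuh agent reads Suricata's EVE JSON log.
     Suricata does not consume logs; it produces them, and the agent forwards
     each JSON line to the Wazuh manager, which decodes and matches it against
     its Suricata rules. -->
<ossec_config>
  <localfile>
    <!-- Suricata's EVE output is one JSON object per line, so use the json format. -->
    <log_format>json</log_format>
    <!-- Default EVE output file on most Suricata installs (assumed here). -->
    <location>/var/log/suricata/eve.json</location>
  </localfile>
</ossec_config>
```

After restarting the agent, alerts Suricata writes to eve.json appear in the Wazuh manager's alerts, which is the "get logs from Suricata" part of the question; the endpoint and server traffic itself still has to reach the interface Suricata monitors.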