Hi,
i’m running 7.0.2 on an Ubuntu 22.04.03 LTS.
I’m using Suricata as an IDS, not as an IPS.
Is there a way of being informed, e.g. via E-Mail, when Suricata detects something ?
Thanks.
Bernd
There is no built-in solution for that, since it could be a lot of mails. I would recommend to think about your post processing and logging. So you could run a script or a log reading tool that would to that job.
Lookup simple event correlator (simple-evcorr. github. io). That plus an email app like sendEmail or ssmtp and you can easily get emails from the fast.log file.