Notification from Suricata when it detects an attack?

I’m running 7.0.2 on Ubuntu 22.04.03 LTS.
I’m using Suricata as an IDS, not as an IPS.
Is there a way of being informed, e.g. via e-mail, when Suricata detects something?



There is no built-in solution for that, since it could be a lot of mails. I would recommend thinking about your post-processing and logging. So you could run a script or a log-reading tool that would do that job.

Look up Simple Event Correlator (simple-evcorr.github.io). That plus an email app like sendEmail or ssmtp and you can easily get emails from the fast.log file.
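
As an added example (not written by anyone in this thread), here is one way to do the post-processing both replies describe: parse fast.log lines and collapse a batch into a single digest mail, so a noisy rule does not produce one mail per alert. It assumes Suricata's default fast.log line layout and a local MTA on port 25; the sender and recipient addresses, the priority cut-off, and the sample lines are constructed placeholders.

```python
import re
import smtplib
from collections import Counter
from email.message import EmailMessage

# fast.log layout: time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {proto} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_fast_line(line):
    """Return the alert fields as a dict, or None for a line that does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def build_digest(lines, max_priority=2, sender="suricata@localhost", rcpt="admin@example.org"):
    """Collapse a batch of lines into ONE mail; None if nothing is severe enough."""
    # Priority 1 is the most severe, so keep alerts at or below the cut-off.
    alerts = [a for a in map(parse_fast_line, lines) if a and a["prio"] <= max_priority]
    if not alerts:
        return None
    counts = Counter((a["sid"], a["msg"]) for a in alerts)
    body = [f"{n:>5}x  sid {sid}  {msg}" for (sid, msg), n in counts.most_common()]
    body += ["", f"first: {alerts[0]['ts']}   last: {alerts[-1]['ts']}"]
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, rcpt
    mail["Subject"] = f"Suricata: {len(alerts)} alerts, {len(counts)} signatures"
    mail.set_content("\n".join(body))
    return mail

def send(mail, host="localhost"):  # assumes a local MTA listening on port 25
    with smtplib.SMTP(host) as smtp:
        smtp.send_message(mail)

SAMPLE = [  # constructed fast.log lines, documentation addresses, local-range sids
    "01/15/2024-10:00:01.000001  [**] [1:1000001:1] Constructed rule A [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:44321 -> 198.51.100.5:22",
    "01/15/2024-10:00:02.000001  [**] [1:1000002:1] Constructed rule B [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.0.2.11:5353 -> 198.51.100.5:53",
    "01/15/2024-10:00:03.000001  [**] [1:1000002:1] Constructed rule B [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.0.2.11:5353 -> 198.51.100.5:53",
    "01/15/2024-10:00:04.000001  [**] [1:1000003:1] Constructed rule C [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 192.0.2.12:40000 -> 198.51.100.5:80",
    "not an alert line",
]

if __name__ == "__main__":
    print(build_digest(SAMPLE))
```

Run it periodically (for example from cron) over the lines appended since the previous run, and call `send()` only when `build_digest()` returns a message.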