Hi all,
I’m just start using Suricata.
My English is not good.
I see the field “Severity” in eve.json file on OPNsense.
I have the information that “Suricata has three severity levels, 1, 2 and 3. Three being the lowest”.
Please let me know if it’s right or wrong.
Thanks a lot!
Hi @Akai,
I am also a new user of Suricata, but this post may help you (please see in the thread the message from a Suricata team member).
When using Evebox to view events and alerts, it is also visible that the severity level 2 is higher than severity level 3, hence we can guess what about severity level 1
1 Like
Hi @alex_49100 ,
I got it, thank you for your answer
You’re welcome @Akai ! Actually, my prudent answer was linked to the fact that I hadn’t seen yet a level 1 alert by the time when I responded
Further testing rules, some events (eg. website where you can upload a file) caused a level 1, such as “ET POLICY Dropbox.com Offsite File Backup in Use” and in Evebox, it’s easy to see clearly the different levels of events / alerts.
1 Like