Hi,
I wish to ingest Suricata IPS logs into my SIEM. Can someone help me with this?
Is there a log guide that I can get hold of? Any way I can see some sample logs?
Regards,
Bodhi
Well what SIEM do you use?
DNIF https://dnif.it/
It supports the LEEF and CEF log formats.
Regards,
Bodhi
This topic came up in the past, see Feature #1229: Suricata alerts in CEF Format - Suricata - Open Information Security Foundation but so far we don’t have any official support for CEF. I would argue that you need to get (or code) a dedicated tool that converts it.
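A converter of the kind the reply above describes, as an added example that is not part of this thread or of the Suricata project: it maps Suricata EVE JSON alert records to CEF lines, applying the escaping CEF requires in header fields (backslash, pipe) and extension values (backslash, equals, newlines). The vendor/product/version strings, the severity mapping and the chosen extension keys are assumptions, and the sample eve.json lines are constructed.

```python
import json

# Suricata severity 1 is the most severe; CEF severity runs 0 (low) to 10 (high).
# The mapping, vendor/product/version strings and extension keys are this example's assumptions.
SEVERITY_MAP = {1: 9, 2: 6, 3: 3}

def _esc_header(value):
    """Escape a CEF header field: backslash and pipe are special (backslash first)."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value):
    """Escape a CEF extension value: backslash, equals and newlines are special."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))

def eve_alert_to_cef(event):
    """Return a CEF:0 line for an EVE 'alert' event, or None for other event types."""
    if event.get("event_type") != "alert":
        return None
    alert = event["alert"]
    header = "|".join([
        "CEF:0", "OISF", "Suricata", "1.0",
        _esc_header(alert.get("signature_id", 0)),
        _esc_header(alert.get("signature", "unknown")),
        str(SEVERITY_MAP.get(alert.get("severity"), 1)),
    ])
    ext = {"rt": event.get("timestamp"), "src": event.get("src_ip"), "spt": event.get("src_port"),
           "dst": event.get("dest_ip"), "dpt": event.get("dest_port"), "proto": event.get("proto"),
           "act": alert.get("action"), "cat": alert.get("category")}
    pairs = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items() if v is not None)
    return f"{header}|{pairs}"

def convert_eve_lines(lines):
    """Convert raw eve.json lines; blank lines and non-alert events are skipped."""
    return [c for c in (eve_alert_to_cef(json.loads(ln)) for ln in lines if ln.strip()) if c]

# Constructed sample eve.json lines (not real traffic): one alert, one flow record.
SAMPLE_EVE = [
    '{"timestamp":"2024-01-01T12:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"src_port":44321,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"blocked",'
    '"signature_id":1000001,"signature":"TEST rule with pipe|and equals=","category":'
    '"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-01-01T12:00:01.000000+0000","event_type":"flow","src_ip":"10.0.0.5"}',
]

if __name__ == "__main__":
    print("\n".join(convert_eve_lines(SAMPLE_EVE)))
```

Read eve.json with a file tailer and feed each line to `convert_eve_lines` when wiring this into a syslog forwarder.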