Suricata in combination with an already existing network monitor?

Hey, I’m a student researching existing network monitors and IDS/IPS for network security.

So far I’ve been working in combination with a company utilising an already existing network monitor but they hope to expand it with an added IDS or IPS. The network monitor they’re using at this moment does not have this feature but does have the ability to send data by an API or XML/JSON files.

I was wondering if Suricata provides the ability to get it’s data from somewhere else or if it’ll also have to monitor the existing network? Can I integrate Suricata with an already running monitor and make them work together or will they just interfere and create unneeded extra weight on the network?

Hi.

Suricata can get it’s data from pcap files as well as from network interfaces. I do not think you can send Suricata traffic through either som HTTP api, xml or json files.

How suricata will work with another monitoring solution depends on how the other solution works.
There are however lots of people using Suricata in combinations with plenty of tools that also inspect internet traffic on the same box. So there is nothing wrong with that.