Hey, I’m a student researching existing network monitors and IDS/IPS for network security.
So far I’ve been working in combination with a company utilising an already existing network monitor, but they hope to expand it with an added IDS or IPS. The network monitor they’re using at this moment does not have this feature but does have the ability to send data by an API or XML/JSON files.
I was wondering if Suricata provides the ability to get its data from somewhere else or if it’ll also have to monitor the existing network? Can I integrate Suricata with an already running monitor and make them work together, or will they just interfere and create unneeded extra weight on the network?