Suricata Logs on Splunk

JorgeLopes · March 22, 2023, 10:53am

Hey Guys,
Need some help, to understand suricata logs, i’ve read some of the documentation, and i almost understand the format of the logs.
i’m trying to analyze some logs with splunk.
the sample data i’m using i can identify 5 alerts on the specific ransomware, but from those 5 alerts all with severity 1, how to separate the false positives, from the real one?

Hope anyone can help me
Thank you

Andreas_Herz · July 31, 2023, 8:30pm

Hard to tell without more details on your setup. You could leverage splunk features to filter stuff that you don’t want to see or based on the metadata of rules like the severity.

Topic		Replies	Views
How can we process suricata alerts	1	82	March 25, 2024
Hunting a spyware and log messages Help suricata	2	349	March 9, 2024
Weird result when comparing Suricata detections with snort (using same traffic) - what am I missing? Help	4	784	December 13, 2021
Console output?	5	697	May 5, 2021
A little help with the investigation of an alert	8	833	March 19, 2023

Suricata Logs on Splunk

Related Topics