how can we send suricata alert to the slack channel
Perhaps via a “watcher” mechanism that detects when new alerts are logged to the output type configured for eve-log is one way to solve the problem. The watcher can gather the Suricata alert(s) and communicate with the Slack interconnect.
Thanks a lot for reply, But the Watcher is a licensed feature. Can u please suggest anythings else which is third party free and opensource.
I think Jeff is referring to just some generic “watcher” tool, not a specific licensed one (I’m taking a guess you might be referring the Elastic’s Slack integration in their x-pack).
Suricata has no integration with Slack itself, so you’ll need some tool to watch the logs and forward those to Slack.