Suricata + tool for malware analysis, like yara or capa

Hi, I'm new to cybersecurity and TI in general, but I do have a project at my company that uses Suricata, and I'm wondering if I can integrate some tool for malware analysis with Suricata, and if so, if there is any way to output logs from this malware analysis tool with EveBox as well, just like Suricata.

If by malware analysis you mean a tool that scans the files, then yes, Suricata can extract files observed over the network and you can then pipe them to whatever scanner.

Are there any docs about it? If so, it would help me a lot.

As for Suricata, please refer to the following docs: 19. File Extraction — Suricata 7.0.1-dev documentation
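One way to glue the two together, added here as an illustration rather than code from Suricata or this thread: a function that reads Suricata's eve.json `fileinfo` events, locates the extracted file in the filestore, hands it to a scanner callable (a toy stand-in for a YARA or capa invocation) and emits its own EVE-style JSON event that EveBox or an ELK pipeline can ingest. The filestore layout and `fileinfo` field names follow Suricata 7 (filestore v2); the output event's `malware_scan` type and its field names are my own choice, and all sample data is constructed.

```python
import hashlib
import json
import os
import tempfile
from typing import Callable, Dict, List

# Suricata 7 filestore (v2) layout: <dir>/<first two hex chars of sha256>/<sha256>.
def stored_path(filestore_dir: str, sha256: str) -> str:
    return os.path.join(filestore_dir, sha256[:2], sha256)

def scan_fileinfo_event(eve_line: str, filestore_dir: str, engine: str,
                        scanner: Callable[[bytes], List[str]]) -> Dict:
    """For one eve.json line that is a stored 'fileinfo' event, scan the
    extracted file and return an EVE-style event (dict); otherwise return {}."""
    ev = json.loads(eve_line)
    fi = ev.get("fileinfo") or {}
    if ev.get("event_type") != "fileinfo" or not fi.get("stored"):
        return {}
    with open(stored_path(filestore_dir, fi["sha256"]), "rb") as f:
        data = f.read()
    out = {"timestamp": ev.get("timestamp"), "event_type": "malware_scan",
           "flow_id": ev.get("flow_id"), "src_ip": ev.get("src_ip"),
           "dest_ip": ev.get("dest_ip"),
           "fileinfo": {"filename": fi.get("filename"), "sha256": fi["sha256"]}}
    # Only trust a file that hashes to the name Suricata gave it; a truncated
    # or still-being-written file would otherwise be scanned and reported as whole.
    if hashlib.sha256(data).hexdigest() != fi["sha256"]:
        out["scan"] = {"engine": engine, "error": "sha256 mismatch"}
        return out
    out["scan"] = {"engine": engine, "size": len(data), "matches": scanner(data)}
    return out

def demo() -> Dict:
    """Constructed filestore and fileinfo event; the toy scanner flags any
    file starting with an 'MZ' header in place of a real YARA/capa run."""
    sample = b"MZ" + b"constructed sample, not real malware"
    sha = hashlib.sha256(sample).hexdigest()
    store = tempfile.mkdtemp()
    os.makedirs(os.path.join(store, sha[:2]))
    with open(stored_path(store, sha), "wb") as f:
        f.write(sample)
    eve_line = json.dumps({  # constructed, shaped like a Suricata fileinfo event
        "timestamp": "2024-01-01T00:00:00.000000+0000", "flow_id": 1,
        "event_type": "fileinfo", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",
        "fileinfo": {"filename": "/update.exe", "sha256": sha, "stored": True}})
    toy_scanner = lambda d: ["toy_rule_mz_header"] if d[:2] == b"MZ" else []
    return scan_fileinfo_event(eve_line, store, "toy-yara", toy_scanner)
```

In production you would tail eve.json (or consume it from a queue), replace `toy_scanner` with a call into the yara-python bindings or a capa subprocess, and write each returned dict as one line to a separate JSON log that EveBox or Logstash picks up alongside eve.json.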