Hello Suricata Community,
This project aims to simplify Suricata log processing and make it more accessible to a broader audience, including network analysts, security teams, and even new users unfamiliar with command-line tools.
Current Status of the Project:
The core features of SuriGuard are fully implemented and functional, including:
Real-Time Monitoring:
Live visualization of Suricata events through an interactive dashboard.
Log Parsing and Filtering:
Advanced log filtering by source/destination IP, protocol, and alert type.
Data Visualization Reports:
Export Capabilities:
Generate reports in CSV format for further use.
The project currently supports integration with Suricata via its EVE JSON output, providing a seamless way to process and analyze logs.
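To make the EVE JSON pipeline concrete (parse one JSON object per line, validate timestamp and event_type, filter by source/destination IP, protocol and alert signature, export to CSV), here is a small Python sketch added for illustration; it is not code from the SuriGuard repository, the function names are mine, and the sample records are constructed.

```python
import csv
import io
import json
from datetime import datetime
EVE_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"   # Suricata writes e.g. 2024-01-15T10:00:01.123456+0000
SUPPORTED_TYPES = {"alert", "dns", "http", "tls", "fileinfo"}
CSV_FIELDS = ["timestamp", "event_type", "src_ip", "dest_ip", "proto", "signature_id", "signature"]
# Constructed eve.json sample: two valid records, then a bad timestamp, a missing event_type and a non-JSON line.
SAMPLE_EVE = """
{"timestamp":"2024-01-15T10:00:01.123456+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"CONSTRUCTED test alert","severity":2}}
{"timestamp":"2024-01-15T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"not-a-timestamp","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"192.0.2.11","proto":"TCP"}
{"timestamp":"2024-01-15T10:00:03.000000+0000","src_ip":"10.0.0.7","dest_ip":"192.0.2.12","proto":"TCP"}
this line is not json
""".strip()

def parse_eve(text):
    """Parse EVE JSON lines into (events, rejected_count); keep only records with a parseable timestamp and a supported event_type."""
    events, rejected = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            rec = json.loads(line)
            rec["_ts"] = datetime.strptime(rec["timestamp"], EVE_TS_FORMAT)  # keep a datetime for timeline use
            if rec.get("event_type") not in SUPPORTED_TYPES:
                raise ValueError("unsupported or missing event_type")
        except (ValueError, KeyError, TypeError):   # JSONDecodeError is a ValueError
            rejected += 1
            continue
        events.append(rec)
    return events, rejected

def filter_events(events, src_ip=None, dest_ip=None, proto=None, event_type=None, sid=None):
    """Keep events matching every given criterion; None means 'any'. sid matches alert.signature_id."""
    wanted = {"src_ip": src_ip, "dest_ip": dest_ip, "proto": proto, "event_type": event_type}
    return [e for e in events
            if all(v is None or e.get(k) == v for k, v in wanted.items())
            and (sid is None or e.get("alert", {}).get("signature_id") == sid)]

def to_csv(events):
    """Flatten selected events (top-level fields plus alert signature) into CSV text."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS, lineterminator="\n")
    writer.writeheader()
    for e in events:
        alert = e.get("alert", {})
        writer.writerow({**{k: e.get(k, "") for k in CSV_FIELDS[:5]},
                         "signature_id": alert.get("signature_id", ""), "signature": alert.get("signature", "")})
    return buf.getvalue()
```

Records that fail validation are counted rather than silently dropped, so a dashboard can surface malformed input instead of hiding it.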
What’s Next?
To optimize and further develop SuriGuard, I am seeking contributors and testers to help with the following:
Testing: Identify potential bugs and provide feedback on user experience.
Feature Development: Collaborate on adding advanced features such as multi-user support, alert correlation, and additional data visualization options.
Optimization: Improve performance for handling large-scale logs and real-time data streams.
How to Get Involved:
Visit the project repository on GitHub:
SuriGuard: a modern web-based management system for Suricata IDS/IPS.
- Log Management & Analysis
  - Multi-type log parsing (alert, DNS, HTTP, TLS, files)
  - Real-time log collection and monitoring
  - Automatic log type detection
  - Basic log filtering capabilities
  - Log parsing with timestamp and event type validation
- Event Management
  - Comprehensive event tracking system
  - Event severity and classification
  - Interactive event timeline
  - Event stage and status tracking
  - Detailed event investigation tools
  - Event history and processing dialogs
- Rules Management
  - Suricata rule listing
  - Rule creation and editing interface
  - Rule enable/disable functionality
  - Basic rule modification capabilities
  - Rule metadata tracking (SID, revision, priority)
- User Management
  - User list view
  - Basic user creation and editing
  - User profile management
  - Simple access control mechanisms
- System Settings
  - Database configuration options
  - Suricata configuration management
  - Basic system and application settings
  - Configuration view and basic editing
Clone the repository and try out the tool:
Installation instructions are provided in the README file.
Provide feedback:
Open issues or discussions on GitHub to share your thoughts and suggestions.
Contribute to development:
Fork the repository, make improvements, and submit pull requests.
Why Join?
This is a great opportunity to collaborate on an open-source project that builds upon the powerful capabilities of Suricata. Whether you are a seasoned developer or someone passionate about network security and visualization, your contribution will help make SuriGuard a valuable tool for the community.