Using Suricata on data parsed by another protocol parser

Respected Forum Members

I have custom protocol parsers which I am using to parse custom protocols. We get output as JSON from these parsers.

Now I want to use Suricata to perform rule-based analysis on this JSON. What options do I have to perform IDS operations on this JSON data?

Also, while performing IDS operations we need to consider previous packets as well, more like batch processing.

Hi Akib,

Thanks for the post.

Suricata is a network IDS/IPS/NSM and, as such, processes network frames. Rules govern when alerts or other actions are to be taken.

You could use your JSON output and the rules to perform analysis without Suricata.
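The reply above suggests applying rules to the parser's JSON output directly, and the original question asks for the analysis to take previous events into account. The following is an added example, not code from the thread or from the Suricata project, of a small rule engine that does both over newline-delimited JSON: each rule has a field-match part and an optional stateful threshold (count of matching events from the same tracked field within a time window, in the spirit of Suricata's `threshold` keyword). The JSON records, field names (`ts`, `src`, `dst`, `proto`, `cmd`, `status`) and rule contents are constructed for illustration and are not the poster's actual parser output.

```python
import json
from collections import defaultdict, deque

# Constructed sample: one JSON object per line, as a custom protocol parser might emit.
# Field names are assumptions for this example, not the poster's real schema.
SAMPLE_JSONL = """
{"ts": 100.0, "src": "10.0.0.5", "dst": "10.0.0.9", "proto": "custom1", "cmd": "LOGIN", "status": "FAIL"}
{"ts": 101.0, "src": "10.0.0.5", "dst": "10.0.0.9", "proto": "custom1", "cmd": "LOGIN", "status": "FAIL"}
{"ts": 102.0, "src": "10.0.0.5", "dst": "10.0.0.9", "proto": "custom1", "cmd": "LOGIN", "status": "FAIL"}
{"ts": 103.0, "src": "10.0.0.7", "dst": "10.0.0.9", "proto": "custom1", "cmd": "LOGIN", "status": "OK"}
{"ts": 104.0, "src": "10.0.0.7", "dst": "10.0.0.9", "proto": "custom1", "cmd": "DUMP_CONFIG", "status": "OK"}
{"ts": 200.0, "src": "10.0.0.5", "dst": "10.0.0.9", "proto": "custom1", "cmd": "LOGIN", "status": "FAIL"}
"""

# Constructed rules. "match" lists field/value pairs that must all be present in the event.
# "threshold" (optional) makes the rule stateful: alert only when `count` matching events
# sharing the same `track` field value fall inside a `seconds` window.
RULES = [
    {
        "sid": 1,
        "msg": "repeated LOGIN failures from one source",
        "match": {"proto": "custom1", "cmd": "LOGIN", "status": "FAIL"},
        "threshold": {"track": "src", "count": 3, "seconds": 60},
    },
    {
        "sid": 2,
        "msg": "configuration dump requested",
        "match": {"proto": "custom1", "cmd": "DUMP_CONFIG"},
    },
]


def load_events(jsonl):
    """Parse newline-delimited JSON and sort by timestamp so windows are evaluated in order."""
    events = [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def matches(rule, event):
    """Stateless part of a rule: every field in `match` must equal the event's value."""
    return all(event.get(k) == v for k, v in rule["match"].items())


def _alert(rule, event, key):
    return {"sid": rule["sid"], "msg": rule["msg"], "ts": event["ts"], "key": key}


def run_rules(events, rules):
    """Evaluate all rules over a batch of events, keeping per-rule, per-key history
    so that thresholds can look back at previous events. Returns the list of alerts."""
    alerts = []
    history = defaultdict(deque)  # (sid, tracked value) -> timestamps of matching events
    for event in events:
        for rule in rules:
            if not matches(rule, event):
                continue
            th = rule.get("threshold")
            if th is None:
                # Stateless rule: alert on every matching event.
                alerts.append(_alert(rule, event, event.get("src")))
                continue
            tracked = event.get(th["track"])
            window = history[(rule["sid"], tracked)]
            window.append(event["ts"])
            # Drop events that fell out of the time window.
            while window and event["ts"] - window[0] > th["seconds"]:
                window.popleft()
            if len(window) >= th["count"]:
                alerts.append(_alert(rule, event, tracked))
                window.clear()  # one alert per burst, then start counting again
    return alerts


if __name__ == "__main__":
    for alert in run_rules(load_events(SAMPLE_JSONL), RULES):
        print(json.dumps(alert))
```

With the constructed input this produces two alerts: sid 1 fires at ts 102.0 for 10.0.0.5 after the third failure inside 60 seconds (the failure at ts 200.0 is outside the window and starts a new count), and sid 2 fires once for the `DUMP_CONFIG` event. Replace `SAMPLE_JSONL` with the parser's real output and adjust the field names in `RULES` to its schema.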