Suricata
Description
The Suricata network probe is integrated into the M&NTIS platform. It detects network attacks based on signatures.
Configuration
The default signature rules are deployed. All traffic is forwarded to the Suricata probe. If it is not selected, Filebeat is deployed by default on the Suricata machine. It helps the analyst inspect the alert logs from Logstash.
How to enable
Enable Suricata by clicking on its tile in the log collectors list.
Usage
You can access Suricata:
- directly on the running Suricata machine, from the list of running machines in M&NTIS, or
- by viewing the logs in Logstash