<p dir="ltr">I would also recommend looking directly at the alerts on the command line if you are new to IDS/IPS, so you can get a feel for the event flow.</p>
<p dir="ltr">You can do all of this with Security Onion.</p>
<div class="gmail_quote">On May 6, 2015 7:57 AM, "Doug Burks" <<a href="mailto:doug.burks@gmail.com">doug.burks@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi James,<br>
<br>
Here are a few of my favorite interfaces for Suricata alerts:<br>
<br>
- Snorby<br>
<a href="https://www.snorby.org/" target="_blank">https://www.snorby.org/</a><br>
<br>
- Squert<br>
<a href="http://www.squertproject.org/" target="_blank">http://www.squertproject.org/</a><br>
<br>
- Sguil<br>
<a href="https://bammv.github.io/sguil/" target="_blank">https://bammv.github.io/sguil/</a><br>
<br>
- ELSA<br>
<a href="https://code.google.com/p/enterprise-log-search-and-archive/" target="_blank">https://code.google.com/p/enterprise-log-search-and-archive/</a><br>
<br>
If you'd like to quickly try these interfaces, you could try Security<br>
Onion (which includes Suricata as well):<br>
<a href="http://securityonion.net" target="_blank">http://securityonion.net</a><br>
<br>
On Wed, May 6, 2015 at 2:09 AM, James Moe <<a href="mailto:jimoe@sohnen-moe.com">jimoe@sohnen-moe.com</a>> wrote:<br>
> Hello,<br>
> suricata 2.0.7<br>
> linux 3.16.7-21-desktop x86_64<br>
><br>
> Suricata seems to be functioning correctly now that I have gotten the<br>
> system set up appropriately.<br>
> I am sure there are automated tools for alerting the user/admin that<br>
> alerts have been discovered.<br>
> What are typical tools for monitoring suricata results?<br>
><br>
> --<br>
> James Moe<br>
> moe dot james at sohnen-moe dot com<br>
> 520.743.3936<br>
> _______________________________________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" target="_blank">http://oisfevents.net</a><br>
<br>
<br>
<br>
--<br>
Doug Burks<br>
Need Security Onion Training or Commercial Support?<br>
<a href="http://securityonionsolutions.com" target="_blank">http://securityonionsolutions.com</a><br>
</blockquote></div>