[Oisf-users] Suricata works; now what?
Erich Lerch
erich.lerch at gmail.com
Wed May 6 06:29:56 UTC 2015
James,
you have several options (apart from just watching the fast.log with "tail -f"):
- Elasticsearch/Kibana (ELK stack): https://www.elastic.co/
- EVEbox (https://github.com/jasonish/evebox), also based on Elasticsearch
- Snorby (https://snorby.org/)
- Splunk (especially if you already have an instance running)
Then there are OSSIM and ELSA, too; I have no experience with those, however.
--
erich
2015-05-06 8:09 GMT+02:00 James Moe <jimoe at sohnen-moe.com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
> suricata 2.0.7
> linux 3.16.7-21-desktop x86_64
>
> Suricata seems to be functioning correctly now that I have gotten the
> system set up appropriately.
> I am sure there are automated tools for alerting the user/admin that
> alerts have been discovered.
> What are typical tools for monitoring suricata results?
>
> - --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iEYEARECAAYFAlVJr/wACgkQzTcr8Prq0ZOOVgCglxzQR0PkaSG30pl/NghE/4sE
> si0An1GkCAIorD38FxmJOKsgouv0qyAf
> =IGEM
> -----END PGP SIGNATURE-----
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
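As an added example, not taken from this thread or from any of the tools Erich lists: before standing up an ELK stack or EVEbox, the simplest step beyond `tail -f fast.log` is to read Suricata's EVE JSON output directly. The script below assumes the `eve-log` output is enabled in suricata.yaml (available in the 2.0 series the poster runs) and that alerts land in `/var/log/suricata/eve.json`, the default path; the sample records, signature names and signature IDs (9000001, 9000002 in the local-rules range) are constructed for illustration. It filters `alert` events out of the mixed event stream, counts them by signature and severity, and flags the most urgent ones, remembering that in Suricata's severity scale 1 is the highest priority, not the lowest.

```python
"""Summarise Suricata EVE JSON alerts by signature and severity.

Added example, not code from the oisf-users thread. Assumes Suricata's
'eve-log' output is enabled (suricata.yaml -> outputs: eve-log) so that
each event is one JSON object per line in eve.json.
"""
import json
import time
from collections import Counter
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed sample lines in EVE format: three alerts, one flow record and
# one truncated line (as you would see when reading while Suricata writes).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2015-05-06T08:09:01.000000+0200","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"LOCAL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2015-05-06T08:09:02.000000+0200","event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP"}',
    '{"timestamp":"2015-05-06T08:09:03.000000+0200","event_type":"alert",'
    '"src_ip":"10.0.0.7","src_port":40022,"dest_ip":"192.0.2.10","dest_port":80,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"LOCAL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2015-05-06T08:09:04.000000+0200","event_type":"alert",'
    '"src_ip":"198.51.100.9","src_port":33000,"dest_ip":"10.0.0.5","dest_port":22,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":1,'
    '"signature":"LOCAL SCAN inbound SSH connection burst",'
    '"category":"Attempted Information Leak","severity":1}}',
    '{"timestamp":"2015-05-06T08:09:05.000000+0200","event_type":"ale',
]


def iter_eve_alerts(lines: Iterable[str]) -> Iterator[Dict]:
    """Yield a flat record for every 'alert' event; skip other events and bad lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue  # half-written or corrupt line: ignore rather than crash
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        yield {
            "timestamp": event.get("timestamp"),
            "src": "%s:%s" % (event.get("src_ip"), event.get("src_port")),
            "dest": "%s:%s" % (event.get("dest_ip"), event.get("dest_port")),
            "sid": alert.get("signature_id"),
            "signature": alert.get("signature", "<no signature>"),
            "category": alert.get("category", ""),
            # Missing severity is treated as the lowest priority (3).
            "severity": int(alert.get("severity", 3)),
        }


def parse_eve_alerts(lines: Iterable[str]) -> List[Dict]:
    return list(iter_eve_alerts(lines))


def summarise_alerts(alerts: List[Dict]) -> Tuple[Counter, Counter]:
    """Return (count per signature, count per severity)."""
    return (Counter(a["signature"] for a in alerts),
            Counter(a["severity"] for a in alerts))


def urgent_alerts(alerts: List[Dict], max_severity: int = 1) -> List[Dict]:
    """Suricata severity 1 is the highest priority, so 'urgent' means <= threshold."""
    return [a for a in alerts if a["severity"] <= max_severity]


def format_report(alerts: List[Dict]) -> str:
    by_signature, by_severity = summarise_alerts(alerts)
    out = ["%d alert(s)" % len(alerts), "by signature:"]
    for sig, n in by_signature.most_common():
        out.append("  %5d  %s" % (n, sig))
    out.append("by severity (1 = highest):")
    for sev in sorted(by_severity):
        out.append("  sev %d: %d" % (sev, by_severity[sev]))
    out.append("urgent:")
    for a in urgent_alerts(alerts):
        out.append("  %s %s -> %s sid=%s %s" % (a["timestamp"], a["src"], a["dest"], a["sid"], a["signature"]))
    return "\n".join(out)


def follow(path: str, poll_seconds: float = 1.0) -> Iterator[str]:
    """tail -f style generator over a growing eve.json (starts at end of file)."""
    with open(path) as fh:
        fh.seek(0, 2)
        while True:
            line = fh.readline()
            if not line:
                time.sleep(poll_seconds)
                continue
            yield line


if __name__ == "__main__":
    # Batch summary of the constructed sample; for live use, swap in
    # iter_eve_alerts(follow("/var/log/suricata/eve.json")) and print each record.
    print(format_report(parse_eve_alerts(SAMPLE_EVE_LINES)))
```

Run as a batch over the sample it prints the per-signature and per-severity counts and the single severity-1 alert; pointed at a live `eve.json` via `follow()` it becomes a minimal console alert feed. The two design points worth keeping when moving to a real tool: skip unparsable lines instead of failing (the file is being appended to while you read it), and remember that lower severity numbers are more urgent.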