[Oisf-users] Suricata response events
Cooper F. Nelson
cnelson at ucsd.edu
Wed Jun 15 19:05:49 UTC 2016
I never got around to doing it, but Moloch uses ELK as its front end, so
it's easy to integrate it with other tools. You can build queries via a
single HTTP request.
So something you could do would be to have a cron job watch the text
logs for events, scrape the events you are interested in, turn them into a
Moloch URL and then email them to a SOC handler. Then they can see the
alert and just click the link to see the IP conversation in context.
-Coop
On 6/15/2016 11:01 AM, Jordon Carpenter wrote:
> Awesome, I will check that out. Thanks!
>
>
> *Jordon Carpenter*
> Rook Security <https://www.rooksecurity.com/>
> *Anticipate, Manage, & Eliminate Threats*
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
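The cron-job idea above, worked as an added example (not Cooper's code, and not part of Suricata or Moloch): read Suricata eve.json alert records, keep the ones at or above a severity threshold, and emit a mail body with one Moloch sessions link per alert. The Moloch viewer host, the `expression`/`startTime`/`stopTime` query parameters and the sample log lines are all assumptions or constructed data.

```python
"""Turn Suricata EVE alert records into Moloch session links for a SOC mail."""
import json
from datetime import datetime, timedelta
from urllib.parse import urlencode

MOLOCH_BASE = "https://moloch.example.internal"  # assumed viewer URL (placeholder)
MIN_SEVERITY = 2          # forward alerts at this severity or more urgent (1 = highest)
WINDOW = timedelta(minutes=5)  # pad the Moloch search window around the alert time

# Constructed sample eve.json lines (not real traffic or real rule ids):
# a high-severity alert, a non-alert event, and a low-severity alert.
SAMPLE_EVE = """\
{"timestamp":"2016-06-15T19:05:49.123456+0000","event_type":"alert","src_ip":"10.1.2.3","src_port":51234,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL sample high-severity alert","severity":1}}
{"timestamp":"2016-06-15T19:06:01.000000+0000","event_type":"dns","src_ip":"10.1.2.3","src_port":5353,"dest_ip":"10.1.1.1","dest_port":53,"proto":"UDP"}
{"timestamp":"2016-06-15T19:07:10.500000+0000","event_type":"alert","src_ip":"10.1.2.4","src_port":40000,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL sample low-severity alert","severity":3}}
"""


def moloch_url(alert):
    """Build a Moloch sessions link scoped to the alert's endpoints and a time window.
    The expression/startTime/stopTime parameters are an assumption about the viewer URL
    format; check them against your Moloch version."""
    ts = datetime.strptime(alert["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    expr = "ip.src == {src_ip} && ip.dst == {dest_ip} && port.dst == {dest_port}".format(**alert)
    params = {
        "expression": expr,
        "startTime": int((ts - WINDOW).timestamp()),  # epoch seconds
        "stopTime": int((ts + WINDOW).timestamp()),
    }
    return f"{MOLOCH_BASE}/sessions?{urlencode(params)}"


def interesting_alerts(eve_text, min_severity=MIN_SEVERITY):
    """Yield EVE alert records at or above the severity threshold; skip other event types."""
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") == "alert" and rec["alert"]["severity"] <= min_severity:
            yield rec


def build_report(eve_text):
    """Return the plain-text mail body: one summary line plus its Moloch link per alert."""
    lines = []
    for a in interesting_alerts(eve_text):
        lines.append(f"[{a['timestamp']}] sev{a['alert']['severity']} {a['alert']['signature']} "
                     f"{a['src_ip']}:{a['src_port']} -> {a['dest_ip']}:{a['dest_port']} ({a['proto']})")
        lines.append(f"  {moloch_url(a)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_report(SAMPLE_EVE))  # hand this body to sendmail or smtplib from the cron job
```

A real deployment would read the lines appended to eve.json since the last run rather than the whole file, and would rate-limit repeated signatures so the handler's inbox is not flooded.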