[Oisf-users] Suricata Heartbeat Alert

Cooper F. Nelson cnelson at ucsd.edu
Tue Aug 1 16:52:22 UTC 2017

Indeed.  If I was doing something like this for a SOC, I would have it
generate a test alert + ticket at the beginning of every SOC rotation,
to be reviewed and closed by the on-call handler.  Then have an
automated process to alert the SOC management if that doesn't happen.

I can also see value in creating a suite of unit test rules, one for
each protocol and detection mechanism.  Then have scheduled tests and
produce an automated "PASS/FAIL" for each unit test.  For example,
testing file extraction and confirming via a SHA256 checksum.

Back in the day there was also a piece of software called 'snot', that
could be used to generated packets from snort rules, in order to help
test an IDS. 


On 8/1/2017 4:13 AM, Kerry Milestone wrote:
> In many ways, I believe the heartbeat for something like an IDS must be
> out-of-band which tests the entire service platform and not just the
> application itself.

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170801/b33470fd/attachment-0002.sig>

More information about the Oisf-users mailing list