[Oisf-users] Suricata with Sagan
Champ Clark III
cclark at quadrantsec.com
Mon Mar 20 20:41:00 UTC 2017
Sagan has a very new output plugin for EVE Alert format.
Yes, you can use unified2 to get the data into a MySQL/PostgreSQL/whatever database to do correlation between Suricata & Sagan data. Sagan doesn't have "flow ids" like Suricata, but you should be able to correlate on source/destination/ports/etc.
From: "Alexis Fredes Hadad" <amfh2408 at gmail.com>
To: oisf-users at lists.openinfosecfoundation.org
Sent: Monday, March 20, 2017 4:14:56 PM
Subject: [Oisf-users] Suricata with Sagan
Hello!
I am trying to correlate Suricata's output logs events with Sagan. I already found that I could take Suricata's unified2 output and correlate this with Sagan as an input. Am I right? Thanks
Alee
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
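Added example (not part of the thread, and not Sagan or Suricata project code): the correlation Champ describes, done directly on the two EVE JSON streams instead of via a unified2 database. Because Sagan has no flow_id, the join key is the protocol plus source/destination addresses and ports, normalized so that a host log reporting the server side of a connection still matches what Suricata saw on the wire, and constrained to a time window. The log lines are constructed, not captures; the field names follow Suricata's EVE alert schema, and it is an assumption here that Sagan's EVE output plugin uses the same names.

```python
"""Correlate Suricata EVE alerts with Sagan EVE-format alerts on the 5-tuple."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real captures). Assumption: Sagan's EVE output
# uses the same src_ip/src_port/dest_ip/dest_port/proto/alert fields as Suricata.
SURICATA_EVE = """\
{"timestamp":"2017-03-20T16:01:02.123456+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,"signature":"ET SCAN Potential SSH Scan"}}
{"timestamp":"2017-03-20T16:05:00.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"192.0.2.20","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2017-03-20T16:09:00.000000+0000","flow_id":3,"event_type":"flow","src_ip":"10.0.0.5","src_port":51300,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP"}
"""

SAGAN_EVE = """\
{"timestamp":"2017-03-20T16:01:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"signature_id":5000015,"signature":"[OPENSSH] Invalid or illegal user"}}
{"timestamp":"2017-03-20T16:30:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"signature_id":5000015,"signature":"[OPENSSH] Invalid or illegal user"}}
{"timestamp":"2017-03-20T16:05:01.000000+0000","event_type":"alert","src_ip":"192.0.2.20","src_port":80,"dest_ip":"10.0.0.7","dest_port":40000,"proto":"TCP","alert":{"signature_id":5001234,"signature":"[APACHE] 500 Internal Server Error"}}
"""


def parse_eve(text):
    """Yield EVE records of event_type "alert", with the timestamp parsed."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue  # flow/http/dns records are not joined here
        ev["_ts"] = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        yield ev


def flow_key(ev):
    """Direction-agnostic 5-tuple.

    A host log that Sagan parses often describes the connection from the
    server's point of view, so src/dest can be swapped relative to what
    Suricata saw on the wire. Sorting the two endpoints makes both orderings
    produce the same key.
    """
    a = (ev["src_ip"], int(ev["src_port"]))
    b = (ev["dest_ip"], int(ev["dest_port"]))
    return (ev["proto"].upper(),) + tuple(sorted([a, b]))


def correlate(suricata_text, sagan_text, window=timedelta(seconds=60)):
    """Return Suricata/Sagan alert pairs sharing a 5-tuple within `window`."""
    by_key = defaultdict(list)
    for ev in parse_eve(sagan_text):
        by_key[flow_key(ev)].append(ev)

    matches = []
    for s in parse_eve(suricata_text):
        for g in by_key.get(flow_key(s), []):
            delta = (g["_ts"] - s["_ts"]).total_seconds()
            if abs(delta) > window.total_seconds():
                continue  # same 5-tuple, but too far apart (port reuse, stale alert)
            matches.append({
                "flow_id": s.get("flow_id"),
                "suricata_sid": s["alert"]["signature_id"],
                "suricata_sig": s["alert"]["signature"],
                "sagan_sid": g["alert"]["signature_id"],
                "sagan_sig": g["alert"]["signature"],
                "delta_s": delta,
            })
    return matches


if __name__ == "__main__":
    for m in correlate(SURICATA_EVE, SAGAN_EVE):
        print(f"flow {m['flow_id']}: {m['suricata_sig']!r} <-> "
              f"{m['sagan_sig']!r} ({m['delta_s']:+.3f}s)")
```

With the constructed input, the SSH scan alert pairs with the Sagan OpenSSH alert three seconds later, the HTTP alert pairs with the Apache alert even though Sagan recorded it with source and destination reversed, the second OpenSSH alert is rejected because it falls 29 minutes outside the window, and the Suricata flow record is skipped because it is not an alert. The window size is the parameter to tune: host logs are often timestamped by the application after the fact, so a few seconds of skew between sensor and host is normal.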