[Oisf-users] "Meer" - A dedicated "spooler" for the Suricata & Sagan EVE output formats.

Champ Clark III cclark at quadrantsec.com
Mon Apr 30 16:53:28 UTC 2018


Hello all, 

I've been working on a small project that I thought some fellow Suricata users might be interested in. 

The project is called "Meer" and the idea behind it is similar to "Barnyard2", but rather than reading Snort's "Unified2" files, Meer reads Suricata and Sagan EVE/JSON alert files.

"Meer" can store to the traditional Snort-style database so it remains functional with consoles like Snorby, Sguil, etc. We've also extended the database to support extra Suricata metadata (http, tls, dns, etc.) from alerts.

"Meer" is fast, simple and lightweight.

For more information, please check out https://github.com/beave/meer (the README.md goes into more details). 

Thanks! 



- Champ Clark III 
cclark at quadrantsec.com 
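To illustrate the spooling idea the post describes (read EVE/JSON line by line, keep only alert records, write them to Snort-style signature/event tables plus an extra table for the Suricata http/tls/dns metadata), here is an added Python example; it is not Meer's own code, and the three-table schema, column names and sample EVE lines are constructed simplifications rather than the real Snort or Meer database layout.

```python
import json
import sqlite3

# Constructed sample EVE/JSON lines (not real traffic): an alert carrying
# http metadata, an alert carrying tls metadata, and a non-alert flow record.
SAMPLE_EVE = """\
{"timestamp":"2018-04-30T16:53:28.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2},"http":{"hostname":"example.test","url":"/cgi-bin/id","http_method":"GET","status":200}}
{"timestamp":"2018-04-30T16:53:29.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.6","src_port":44321,"dest_ip":"192.0.2.11","dest_port":443,"proto":"TCP","alert":{"gid":1,"signature_id":2000001,"rev":1,"signature":"CONSTRUCTED test TLS rule","category":"Misc activity","severity":3},"tls":{"subject":"CN=example.test","issuerdn":"CN=Test CA","version":"TLS 1.2"}}
{"timestamp":"2018-04-30T16:53:30.000000+0000","flow_id":3,"event_type":"flow","src_ip":"10.0.0.7","dest_ip":"192.0.2.12","proto":"UDP"}
"""

# Simplified Snort-style schema (an assumption for this example, not Meer's real tables).
SCHEMA = """
CREATE TABLE signature(sig_id INTEGER PRIMARY KEY, sig_gid INT, sig_sid INT, sig_rev INT, sig_name TEXT, sig_priority INT, UNIQUE(sig_gid, sig_sid, sig_rev));
CREATE TABLE event(cid INTEGER PRIMARY KEY, sig_id INT, timestamp TEXT, src_ip TEXT, dest_ip TEXT, src_port INT, dest_port INT, proto TEXT);
CREATE TABLE extra(cid INT, kind TEXT, data TEXT);
"""

def spool(lines, conn):
    """Parse EVE lines, keep only event_type=alert, store them Snort-style.
    Returns the number of alert rows stored."""
    stored = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip a truncated/partial line rather than abort the spool
        if ev.get("event_type") != "alert":
            continue
        a = ev["alert"]
        key = (a.get("gid", 1), a["signature_id"], a.get("rev", 0))
        # One signature row per (gid, sid, rev); events reference it by sig_id.
        conn.execute("INSERT OR IGNORE INTO signature(sig_gid,sig_sid,sig_rev,sig_name,sig_priority) VALUES (?,?,?,?,?)", key + (a["signature"], a.get("severity")))
        sig_id = conn.execute("SELECT sig_id FROM signature WHERE sig_gid=? AND sig_sid=? AND sig_rev=?", key).fetchone()[0]
        cur = conn.execute("INSERT INTO event(sig_id,timestamp,src_ip,dest_ip,src_port,dest_port,proto) VALUES (?,?,?,?,?,?,?)",
                           (sig_id, ev["timestamp"], ev.get("src_ip"), ev.get("dest_ip"), ev.get("src_port"), ev.get("dest_port"), ev.get("proto")))
        cid = cur.lastrowid
        # Extended Suricata metadata attached to the alert goes into the extra table.
        for kind in ("http", "tls", "dns", "ssh", "smtp"):
            if kind in ev:
                conn.execute("INSERT INTO extra VALUES (?,?,?)", (cid, kind, json.dumps(ev[kind], sort_keys=True)))
        stored += 1
    return stored

def spool_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    n = spool(SAMPLE_EVE.splitlines(), conn)
    extras = conn.execute("SELECT cid, kind FROM extra ORDER BY cid").fetchall()
    return n, conn.execute("SELECT count(*) FROM signature").fetchone()[0], extras
```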


