[Oisf-users] alerting on alerts

Travis Green travis at travisgreen.net
Tue Mar 27 18:04:25 UTC 2018


Erik, have you considered something like an hourly cron job to diff
fast.log since last run, then email any new lines? Might not be the most
robust solution but will probably get you by while you figure something
better out.

Here's an example: https://pastebin.com/YaQv0mzJ

Hope that helps,
-Travis

On Tue, Mar 27, 2018 at 6:53 AM, erik clark <philosnef at gmail.com> wrote:

> I am trying to find an effective way to alert on critical signatures when
> they find it, preferably by email. What tools can be used to do this? We
> don't have a security team for this, so it has to be pretty straight
> forward. If needed, I can set up an ELK stack to handle this, assuming
> emails can be sent like Splunk. The easier this is to do and manage, the
> better. :) Thank you for your input!
>



-- 
PGP: ABE625E6
keybase.io/travisbgreen
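An added example of the cron-driven approach described above, written for this page and not the pastebin script Travis linked; the log path, state file, recipient address and the `mail` command are assumptions (placeholders) to adjust for your host:

```shell
#!/bin/sh
# Hourly cron job: mail the lines appended to Suricata's fast.log since the
# previous run. Example cron entry (assumed install path):
#   0 * * * * /usr/local/bin/fastlog-mail.sh run
# Assumptions: paths below are placeholders; a working `mail` (mailx) exists.
FAST_LOG="${FAST_LOG:-/var/log/suricata/fast.log}"
STATE_FILE="${STATE_FILE:-/var/tmp/fastlog.offset}"
MAILTO="${MAILTO:-soc@example.com}"

# Print the lines of log file $1 added since the line count saved in $2,
# then save the new count. If the file has fewer lines than last time
# (rotated or truncated), report the whole current file so nothing is
# silently skipped. Assumes every fast.log line ends with a newline.
new_alerts() {
    log="$1"; state="$2"
    [ -f "$log" ] || return 0
    last=0
    [ -f "$state" ] && last=$(tr -d ' ' < "$state")
    now=$(wc -l < "$log" | tr -d ' ')
    if [ "$now" -lt "$last" ]; then
        last=0
    fi
    tail -n +"$((last + 1))" "$log"
    printf '%s\n' "$now" > "$state"
}

# Send mail only when there is something new; the subject carries the count
# so a flood of alerts is visible from the inbox without opening the body.
report_alerts() {
    new=$(new_alerts "$FAST_LOG" "$STATE_FILE")
    [ -n "$new" ] || return 0
    count=$(printf '%s\n' "$new" | wc -l | tr -d ' ')
    printf '%s\n' "$new" |
        mail -s "Suricata: $count new alert(s) on $(hostname)" "$MAILTO"
}

# Only act when invoked with "run", so the functions can be sourced/tested.
case "${1:-}" in
    run) report_alerts ;;
esac
```

The state file holds only a line count, so deleting it re-sends the whole current fast.log on the next run.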