[Oisf-users] Suricata Rules Ingest Splunk
David Decker
x.faith at gmail.com
Sun Apr 14 18:54:35 UTC 2019
So this is mostly for Suricata, but I am using rules on Zeek also.
So I am running SecurityOnion 16.04 and using Suricata/Zeek.
Suricata - ET Rules/Snort Rules
Zeek - AlienVault OTX.
I have read that other folks are ingesting the rule sets as a separate
index inside of Splunk (say one for OTX, and one for ET).
I have not gotten around to trying to ingest the Suricata rules yet; they are
in a file called download.rules.
Second question: is there a good reason to ingest the rules separately from what
Zeek/Suricata reports on?
Thanks
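As an added example (not from the post, and not Security Onion's, Suricata's or Splunk's own tooling): a small Python parser that turns the rule lines of a file such as download.rules into one JSON record per rule keyed by gid/sid, which is the one-event-per-line shape Splunk ingests, and then joins a constructed EVE alert back to its rule by signature_id. The sample rule lines, SIDs, messages and the alert record are constructed for this example; the regex, the option tokenizer and the function names are this example's own. The join at the end shows what a separately ingested rule set buys you: an EVE alert carries only sid, rev, signature and category, while the rule file carries classtype, whether the rule is enabled, and the full option body, and a rev mismatch between the two tells you the deployed rule set and the one you ingested have drifted.

```python
import json
import re

# Constructed sample of the kind of lines found in a Suricata rules file
# (e.g. download.rules). SIDs and messages are made up for this example;
# the third rule is commented out, which is how a disabled rule looks on disk.
SAMPLE_RULES = r'''
# A comment line that is not a rule at all
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SSH scan"; flow:to_server; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:9000001; rev:3;)
#alert dns $HOME_NET any -> any 53 (msg:"EXAMPLE disabled DNS rule"; dns.query; content:"example.invalid"; classtype:bad-unknown; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE HTTP \"quoted\" UA"; http.user_agent; content:"curl"; classtype:policy-violation; sid:9000003; rev:2; metadata:created_at 2019_01_01;)
'''

# Rule header: [#]action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|pass|reject)\s+(?P<proto>\S+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<options>.*)\)\s*$'
)


def split_options(options: str) -> list:
    """Split the option body on ';' that sit outside double quotes.
    Backslash-escaped quotes inside msg/content values do not end a quote."""
    parts, buf, in_quote, escape = [], [], False, False
    for ch in options:
        if escape:
            buf.append(ch)
            escape = False
            continue
        if ch == '\\':
            buf.append(ch)
            escape = True
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:
            part = ''.join(buf).strip()
            if part:
                parts.append(part)
            buf = []
            continue
        buf.append(ch)
    tail = ''.join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


def parse_rule(line: str):
    """Return a flat record for one rule line, or None if the line is not a rule."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "enabled": m.group("disabled") is None,
        "action": m.group("action"), "proto": m.group("proto"),
        "src": m.group("src"), "sport": m.group("sport"),
        "dst": m.group("dst"), "dport": m.group("dport"),
        "gid": 1, "rev": 0, "msg": "", "classtype": "",
        "options": m.group("options"),
    }
    for opt in split_options(m.group("options")):
        key, _, value = opt.partition(':')
        key, value = key.strip(), value.strip()
        if key == "msg" and len(value) >= 2 and value[0] == value[-1] == '"':
            rec["msg"] = value[1:-1].replace('\\"', '"')
        elif key in ("sid", "rev", "gid") and value.isdigit():
            rec[key] = int(value)
        elif key == "classtype":
            rec["classtype"] = value
    if "sid" not in rec:
        return None  # Suricata will not load a rule without a sid, so neither do we
    return rec


def load_rules(text: str) -> dict:
    """Parse a whole rules file into a dict keyed by (gid, sid)."""
    rules = {}
    for line in text.splitlines():
        rec = parse_rule(line)
        if rec:
            rules[(rec["gid"], rec["sid"])] = rec
    return rules


def to_jsonl(rules: dict) -> str:
    """One JSON object per line, the shape Splunk's JSON source type reads as one event per line."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in rules.values())


# Constructed EVE alert using the field names Suricata emits in eve.json; values are made up.
SAMPLE_ALERT = {
    "event_type": "alert", "src_ip": "203.0.113.5", "dest_ip": "10.0.0.7",
    "alert": {"gid": 1, "signature_id": 9000001, "rev": 3,
              "signature": "EXAMPLE SSH scan", "category": "Attempted Information Leak"},
}


def enrich_alert(alert: dict, rules: dict) -> dict:
    """Join an EVE alert to its rule by (gid, sid), as a Splunk lookup on the ingested rules would."""
    a = alert["alert"]
    rule = rules.get((a.get("gid", 1), a["signature_id"]))
    out = dict(alert)
    out["rule"] = {"found": rule is not None}
    if rule:
        out["rule"].update({"classtype": rule["classtype"], "enabled": rule["enabled"],
                            "rev_matches": rule["rev"] == a.get("rev")})
    return out


if __name__ == "__main__":
    parsed = load_rules(SAMPLE_RULES)
    print(to_jsonl(parsed))
    print(json.dumps(enrich_alert(SAMPLE_ALERT, parsed), indent=2))
```

To run it against the real file, replace SAMPLE_RULES with the contents of download.rules and write the output of to_jsonl() to a file that a Splunk monitor input picks up; the (gid, sid) key is what you would then use as the lookup field against alert.gid and alert.signature_id in the EVE events.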