[Oisf-users] Suricata Rules Ingest Splunk

David Decker x.faith at gmail.com
Sun Apr 14 18:54:35 UTC 2019


So this is mostly for Suricata, but I am using rules on Zeek also.
I am running SecurityOnion 16.04 and using Suricata/Zeek.

Suricata - ET Rules/Snort Rules
Zeek - AlienVault OTX.

I have read that other folks are ingesting the rule sets as a separate
index inside of Splunk (say one for OTX, and one for ET).

I have not gotten around to trying to ingest the Suricata rules yet; they are
in a file called download.rules.

2nd question: is there a good reason to ingest the rules separately from what
Zeek/Suricata reports on?

Thanks
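Added example, not part of the original post and not code from Security Onion, Suricata or Splunk: a Python parser that turns a Suricata rules file such as download.rules into one JSON object per rule (one line each, which Splunk can index as-is), keyed on sid, and a small join that enriches an EVE alert record with the matching rule by signature_id. The sample rules and the sample alert are constructed here (local-range sids, example.invalid hostnames); the output field names are an assumption of this example, not a Splunk or Suricata convention.

```python
"""Parse Suricata rules into JSON lines and join EVE alerts back to them by sid."""
import json
import re
from typing import Dict, List, Optional

# Constructed sample rules in Suricata syntax (not from the ET/Snort rule sets).
# Sids are in the local 1000000+ range so they cannot collide with published rules.
SAMPLE_RULES = r'''
# plain comment line: skipped
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL Example Beacon User-Agent"; flow:established,to_server; http.user_agent; content:"example-beacon/1.0"; classtype:trojan-activity; reference:url,example.invalid/beacon; metadata:created_at 2019_04_14, signature_severity Major; sid:1000001; rev:2;)
alert dns $HOME_NET any -> any 53 (msg:"LOCAL Example Suspicious Domain Lookup"; dns.query; content:"evil.example.invalid"; nocase; classtype:bad-unknown; sid:1000002; rev:1;)
#alert tcp any any -> any 4444 (msg:"LOCAL Example Disabled Rule"; classtype:misc-activity; sid:1000003; rev:1;)
'''

# Constructed EVE-style alert (field names follow Suricata's eve.json alert layout).
SAMPLE_ALERT = {"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9",
                "alert": {"signature_id": 1000001, "rev": 2, "severity": 1,
                          "signature": "LOCAL Example Beacon User-Agent",
                          "category": "A Network Trojan was detected"}}

RULE_HEADER = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+'
    r'(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')


def split_options(body: str) -> List[str]:
    """Split the option body on ';' while respecting quoted strings and '\\;' escapes."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == '\\':
            cur.append(ch)
            escaped = True
        elif ch == '"':
            cur.append(ch)
            in_quote = not in_quote
        elif ch == ';' and not in_quote:
            opts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = ''.join(cur).strip()
    if tail:
        opts.append(tail)
    return [o for o in opts if o]


def parse_rule(line: str) -> Optional[Dict]:
    """Return a flat record for one single-line rule, or None for comments/blank lines."""
    m = RULE_HEADER.match(line.strip())
    if not m:
        return None
    rec: Dict = {"enabled": m.group("disabled") is None, "action": m.group("action"),
                 "proto": m.group("proto"), "src": m.group("src"), "sport": m.group("sport"),
                 "direction": m.group("dir"), "dst": m.group("dst"), "dport": m.group("dport"),
                 "references": [], "metadata": [], "content": []}
    for opt in split_options(m.group("opts")):
        key, _, val = opt.partition(':')
        key, val = key.strip(), val.strip()
        if key == "sid":
            rec["sid"] = int(val)
        elif key == "rev":
            rec["rev"] = int(val)
        elif key == "msg":
            rec["msg"] = val.strip('"')
        elif key == "classtype":
            rec["classtype"] = val
        elif key == "reference":
            rec["references"].append(val)          # e.g. "url,example.invalid/beacon"
        elif key == "metadata":
            rec["metadata"].extend(p.strip() for p in val.split(','))
        elif key == "content":
            rec["content"].append(val.strip('"'))
    return rec if "sid" in rec else None          # a rule without a sid is unusable as a key


def parse_rules(text: str) -> List[Dict]:
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]


def index_by_sid(rules: List[Dict]) -> Dict[int, Dict]:
    return {r["sid"]: r for r in rules}


def to_json_lines(rules: List[Dict]) -> str:
    """One JSON object per line: the shape a file/HEC input can ingest without a custom sourcetype."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in rules)


def enrich_alert(alert: Dict, rules_by_sid: Dict[int, Dict]) -> Dict:
    """Join an EVE alert to its rule on signature_id, the way a lookup on sid would in Splunk."""
    a = alert.get("alert", {})
    rule = rules_by_sid.get(a.get("signature_id"))
    out = dict(alert)
    out["rule"] = {"found": rule is not None,
                   "references": rule["references"] if rule else [],
                   "metadata": rule["metadata"] if rule else [],
                   "content": rule["content"] if rule else [],
                   # a rev mismatch means the rule changed after the alert fired
                   "rev_matches": rule is not None and rule.get("rev") == a.get("rev")}
    return out


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    print(to_json_lines(parsed))
    print(json.dumps(enrich_alert(SAMPLE_ALERT, index_by_sid(parsed)), sort_keys=True))
```

The point of a separate rule index is visible in enrich_alert: an EVE alert carries signature_id, signature, category and severity, but not the rule's reference:, metadata: or content: options, and not the rule text itself. Indexing the parsed rules (re-run on every rule update) lets you look those up by sid at search time and tells you, via rev, whether the rule has changed since the alert fired. Caveat: this parser handles one rule per line; Suricata also accepts rules continued across lines with a trailing backslash, which would need joining before parsing.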