This is a module for the Suricata IDS/IPS/NSM log. It parses logs that are in the Suricata Eve JSON format.
This module has been developed against Suricata v4.0.4, but is expected to work with other versions of Suricata.
This is an example of how to override the default log file path.
- module: suricata
  eve:
    enabled: true
    var.paths: ["/my/path/suricata.json"]
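To make the Eve JSON format concrete, here is an added example (not part of the Suricata module or its documentation) that parses a few constructed Eve lines the way a reader would expect from a file such as the path configured above: one JSON object per line, with an `event_type` field and a per-type sub-object (`alert`, `dns`, `flow`). The sample lines, the signature IDs and the function names are constructed for this example; the field names (`event_type`, `src_ip`, `dest_ip`, `alert.signature`, `alert.severity`) are those Suricata emits in Eve JSON.

```python
import json
from collections import Counter

# Constructed sample Eve JSON lines (not real capture output). Suricata writes one
# JSON object per line; sid 9000001 is in the local-rules range and is a placeholder.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2018-06-01T10:00:00.000000+0000","flow_id":1,"event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"LOCAL TEST constructed high-severity rule","category":"Constructed","severity":1}}',
    '{"timestamp":"2018-06-01T10:00:01.000000+0000","flow_id":2,"event_type":"dns",'
    '"src_ip":"10.0.0.5","src_port":40001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP",'
    '"dns":{"type":"query","id":12345,"rrname":"example.com","rrtype":"A"}}',
    '{"timestamp":"2018-06-01T10:00:02.000000+0000","flow_id":3,"event_type":"alert",'
    '"src_ip":"10.0.0.7","src_port":52000,"dest_ip":"192.0.2.11","dest_port":443,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":1,'
    '"signature":"LOCAL TEST constructed low-severity rule","category":"Constructed","severity":3}}',
    'this line is not JSON and simulates a truncated write',
    '{"timestamp":"2018-06-01T10:00:03.000000+0000","flow_id":2,"event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":40001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP",'
    '"flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":60,"bytes_toclient":76}}',
]


def parse_eve_lines(lines):
    """Parse Eve JSON lines into dicts.

    Returns (events, skipped): malformed lines and objects without an
    event_type are counted in skipped rather than aborting the run, since a
    partially written line at the tail of a live log is normal.
    """
    events = []
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            obj = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(obj, dict) or "event_type" not in obj:
            skipped += 1
            continue
        events.append(obj)
    return events, skipped


def count_event_types(events):
    """Count events per event_type (alert, dns, flow, ...)."""
    return Counter(e["event_type"] for e in events)


def alerts_at_or_above(events, max_severity):
    """Return alert events whose severity is at least as severe as max_severity.

    Suricata severity is 1 (highest) to 4 (lowest), so "at or above" means
    severity <= max_severity. Alerts without a severity are excluded.
    """
    return [
        e for e in events
        if e["event_type"] == "alert"
        and e.get("alert", {}).get("severity", 99) <= max_severity
    ]


def flatten_alert(event):
    """Pull the key alert fields into one flat record, similar in spirit to
    what a log shipper would index (field names here are this example's own)."""
    a = event["alert"]
    return {
        "timestamp": event["timestamp"],
        "src": f"{event['src_ip']}:{event['src_port']}",
        "dest": f"{event['dest_ip']}:{event['dest_port']}",
        "proto": event["proto"],
        "signature_id": a["signature_id"],
        "signature": a["signature"],
        "severity": a["severity"],
        "action": a["action"],
    }


def load_eve_file(path):
    """Read a real Eve JSON file (e.g. the var.paths value) line by line."""
    with open(path, "r", encoding="utf-8") as fh:
        return parse_eve_lines(fh)


if __name__ == "__main__":
    evs, bad = parse_eve_lines(SAMPLE_EVE_LINES)
    print(f"parsed {len(evs)} events, skipped {bad} malformed line(s)")
    print("by type:", dict(count_event_types(evs)))
    for alert in alerts_at_or_above(evs, 1):
        print("high severity:", flatten_alert(alert))
```

Run it directly to see the summary over the constructed lines; point `load_eve_file` at a real `eve.json` to process actual output. Skipping rather than failing on a bad line matters for a tailing reader, because the last line of a live Eve file is often incomplete at the moment it is read.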
This module comes with sample dashboards. For example:
For a description of each field in the module, see the exported fields section.