Suricata¶
Description¶
Constructor : Suricata
Product : Suricata
Log sample¶
Json input log message :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | { "timestamp": "2009-11-24T21:27:09.534255", "event_type": "alert", "src_ip": "192.168.2.7", "src_port": 1041, "dest_ip": "x.x.250.50", "dest_port": 80, "proto": "TCP", "alert": { "action": "allowed", "gid": 1, "signature_id" :2001999, "rev": 9, "signature": "ET MALWARE BTGrab.com Spyware Downloading Ads", "category": "A Network Trojan was detected", "severity": 1 } } |
Fields normalization¶
| Constructor field | LMC field |
|---|---|
| [init][host][ip] | [init][host][ip] |
| [target][host][ip] | [target][host][ip] |
| [src_port] | [init][host][port] |
| [dest_port] | [target][host][port] |
| [proto] | [app][name][proto] |
| [event_type] | [type] |
| [timestamp] | [obs][ts] |
| [alert][severity] | [alarm][sev] |
| [alert][signature_id] | [suricata][alert][signature_id] |
| [alert][rev] | [suricata][alert][rev] |
| [alert][gid] | [suricata][alert][gid] |
| [alert][signature] | [suricata][alert][signature] |
| [alert][action] | [action] |
| [alert][category] | [alarm][name] |
| [http][hostname] | [init][user][hostname] |
| [http][url] | [target][uri][full] |
| [http][http_user_agent] | [http_user_agent] |
| [http][http_content_type] | [http_content_type] |
| [http][http_refer] | [suricata][http][http_refer] |
| [http][http_method] | [app][method] |
| [http][protocol] | [app][protocol][name] |
| [http][status] | [suricata][http][status] |
| [http][length] | [suricata][http][length] |
| [dns][type] | [action] |
| [dns][id] | [dns][id] |
| [dns][rrname] | [dns][target][name] |
| [dns][rrtype] | [dns][target][record] |
| [dns][ttl] | [dns][time_response] |
| [dns][rdata] | [dns][target][response] |