Suricata

Description

Constructor: Suricata
Product: Suricata

Log sample

JSON input log message:

{
    "timestamp": "2009-11-24T21:27:09.534255",
    "event_type": "alert",
    "src_ip": "192.168.2.7",
    "src_port": 1041,
    "dest_ip": "x.x.250.50",
    "dest_port": 80,
    "proto": "TCP",
    "alert": {
        "action": "allowed",
        "gid": 1,
        "signature_id": 2001999,
        "rev": 9,
        "signature": "ET MALWARE BTGrab.com Spyware Downloading Ads",
        "category": "A Network Trojan was detected",
        "severity": 1
    }
}

Fields normalization

Constructor field            LMC field
[init][host][ip]             [init][host][ip]
[target][host][ip]           [target][host][ip]
[src_port]                   [init][host][port]
[dest_port]                  [target][host][port]
[proto]                      [app][name][proto]
[event_type]                 [type]
[timestamp]                  [obs][ts]
[alert][severity]            [alarm][sev]
[alert][signature_id]        [suricata][alert][signature_id]
[alert][rev]                 [suricata][alert][rev]
[alert][gid]                 [suricata][alert][gid]
[alert][signature]           [suricata][alert][signature]
[alert][action]              [action]
[alert][category]            [alarm][name]
[http][hostname]             [init][user][hostname]
[http][url]                  [target][uri][full]
[http][http_user_agent]      [http_user_agent]
[http][http_content_type]    [http_content_type]
[http][http_refer]           [suricata][http][http_refer]
[http][http_method]          [app][method]
[http][protocol]             [app][protocol][name]
[http][status]               [suricata][http][status]
[http][length]               [suricata][http][length]
[dns][type]                  [action]
[dns][id]                    [dns][id]
[dns][rrname]                [dns][target][name]
[dns][rrtype]                [dns][target][record]
[dns][ttl]                   [dns][time_response]
[dns][rdata]                 [dns][target][response]
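The following is an added example, not code from the page or the product, that applies the alert rows of the table above to the sample EVE record: the bracket paths are parsed, the source value is read from the nested JSON, and written under the LMC path. It assumes (the table lists the LMC name on both sides of its first two rows) that Suricata's src_ip and dest_ip feed [init][host][ip] and [target][host][ip]; rows whose source field is absent from a record are skipped, which is the behaviour to expect for dns or http rows on an alert event.

```python
import json
import re

# Mapping rows from the table above, as "[a][b]" path strings (alert rows only).
# Assumption not stated on the page: Suricata's src_ip / dest_ip feed the
# [init][host][ip] / [target][host][ip] rows.
FIELD_MAP = [
    ("[src_ip]", "[init][host][ip]"), ("[dest_ip]", "[target][host][ip]"),
    ("[src_port]", "[init][host][port]"), ("[dest_port]", "[target][host][port]"),
    ("[proto]", "[app][name][proto]"), ("[event_type]", "[type]"),
    ("[timestamp]", "[obs][ts]"), ("[alert][severity]", "[alarm][sev]"),
    ("[alert][signature_id]", "[suricata][alert][signature_id]"),
    ("[alert][rev]", "[suricata][alert][rev]"),
    ("[alert][gid]", "[suricata][alert][gid]"),
    ("[alert][signature]", "[suricata][alert][signature]"),
    ("[alert][action]", "[action]"), ("[alert][category]", "[alarm][name]"),
]

def parse_path(path):
    """'[alert][signature_id]' -> ['alert', 'signature_id']."""
    return re.findall(r"\[([^\]]+)\]", path)

def get_path(doc, keys):
    """Walk nested dicts; None when any key on the path is absent."""
    for key in keys:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def set_path(doc, keys, value):
    """Create intermediate dicts as needed and store value at the leaf."""
    for key in keys[:-1]:
        doc = doc.setdefault(key, {})
    doc[keys[-1]] = value

def normalize(event):
    """Apply FIELD_MAP to one EVE record; rows whose source is absent are skipped."""
    out = {}
    for src, dst in FIELD_MAP:
        value = get_path(event, parse_path(src))
        if value is not None:
            set_path(out, parse_path(dst), value)
    return out

# Constructed input: the alert record shown on this page, as one EVE JSON line.
SAMPLE = json.loads('{"timestamp": "2009-11-24T21:27:09.534255", "event_type": "alert",'
    ' "src_ip": "192.168.2.7", "src_port": 1041, "dest_ip": "x.x.250.50", "dest_port": 80,'
    ' "proto": "TCP", "alert": {"action": "allowed", "gid": 1, "signature_id": 2001999,'
    ' "rev": 9, "signature": "ET MALWARE BTGrab.com Spyware Downloading Ads",'
    ' "category": "A Network Trojan was detected", "severity": 1}}')
```

Running `json.dumps(normalize(SAMPLE), indent=2)` prints the normalized document; extending FIELD_MAP with the http and dns rows of the table covers those event types with the same code.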