Suricata IDS/IPS reporting

A few weeks ago I found Suricata and started playing with it. By default it alerts on the different things it has seen or detected but does not do any outright blocking (the Prevention side of IPS).

So here I am playing around, changing some rules from alert to reject and gathering the data into my Sumo Logic portal.
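One way to make the alert-to-reject change by SID, as an added example (not the author's own script or configuration): the rule text and SIDs below are constructed for illustration, and `promote_to_reject` is a hypothetical helper name.

```python
import re

# Constructed sample rules (not from the original post); SIDs are made up.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; flow:to_server; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE bad user-agent"; content:"evil"; http_user_agent; sid:1000002; rev:3;)
# alert udp any any -> any 53 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:1;)
drop tcp any any -> any 23 (msg:"EXAMPLE telnet"; sid:1000004; rev:2;)
"""

# An enabled alert rule starts with the action keyword followed by whitespace.
ALERT_RE = re.compile(r"^alert(?=\s)")
# The sid option sits inside the parenthesised option list.
SID_RE = re.compile(r"[;(]\s*sid\s*:\s*(\d+)\s*;")


def promote_to_reject(rules_text, sids):
    """Switch the action of selected rules from `alert` to `reject`.

    Only enabled rules whose action is `alert` and whose sid is in `sids`
    are rewritten. Commented-out rules and rules that already use another
    action (drop, pass, reject) are left exactly as they are.
    Returns (new_rules_text, list_of_changed_sids).
    """
    out, changed = [], []
    for line in rules_text.splitlines():
        sid = SID_RE.search(line)
        if sid and ALERT_RE.match(line) and int(sid.group(1)) in sids:
            line = ALERT_RE.sub("reject", line, count=1)
            changed.append(int(sid.group(1)))
        out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_text, changed = promote_to_reject(SAMPLE_RULES, {1000001})
    print(new_text)
    print("changed sids:", changed)
```

Returning the changed SIDs gives a record of exactly which rules now block traffic, which is useful to compare against the reject events that show up in the logs afterwards.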

Here are the results for the last 12 hours from 11:30am on 3/12/2016.

[Image: 20160312-sumologic-dashboard]

I’ll post more on how Suricata is configured in my environment, how the data is sent to Sumo Logic, and how the dashboard was built.