And new version of SuricataLog is out:

https://github.com/josevnz/SuricataLog/releases/tag/0.1.0

https://pypi.org/project/SuricataLog/

Important bug-fixes and code cleanup.

#suricata #suricatalog #textualize #python #eve

Busy working on important refactoring and bug-fixes for SuricataLog. It's been a while and the project needs some love.

So far changes looking good.

#python #pypi #suricata #suricatalog

So cool, first person to report a serious bug on SuriCataLog!. Reproduced the bug, fixed it and uploaded to Pypi:

https://pypi.org/project/SuricataLog/

#python #pypi #suricata

Staring at #suricata #EVE #netflow logs... Is there any good tool out there to visualise those?

SecurityOnline: Suricata 7.0 releases: network IDS, IPS and NSM engine https://securityonline.info/suricata/ #Suricata #Defense

I actually missed the #suricata versions after 6.0.10. I was almost sure that prior to the stable switch to 7, there were no more updates to 6.

I was wrong. Now current stable is 6.0.13, and 7.0.0 is on rc2. Thanks to the suricata team.

#OpenSource #IDS

https://suricata.io/download/

Thanks #DMZ for putting executable shell code in the game! My #suricata loves it and produces a shot of lag whenever it happens!

Two meerkats skirting a wall, one of them looking intently at the camera.

«Suricata suricatta»

📷 © Tony🆎 #Photography

#BlackAndWhitePhotography #BlackAndWhitePhoto #BlackAndWhite #photo #nonochrome #PhotographyLovers #PhotographyIsArt​ #fotografía​ #meerkat #suricata

"Analyze your #Suricata logs in real-time using #syslog_ng" is still one of my favorite blogs after five years. We have now a new #Elasticsearch destination, but for the rest is shows, that syslog-ng not just stores logs, but also processes them in many ways.

https://www.syslog-ng.com/community/b/blog/posts/analyze-your-suricata-logs-in-real-time-using-syslog-ng

Look what came today! Did a quick install with #OpenBSD but ended up going with #FreeBSD 12.4

Replaced the Pi4 Bridge and now compiling Suricata 6.0.10 because the pkg doesn't have Redis logging support #suricata

Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.

Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

• Enhancements

  • Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
  • terminate start and restart scripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx)
  • minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab/Malcolm#155)
    • Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
    • Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
    • Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
    • Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
  • minor tweaks to defaults for install.py --configure (enable offline-capable file scanners by default)
  • interrupt #NetBox startup import script when netbox-restore is run
  • added NetBox restore logic to reset_and_auto_populate.sh script (used mostly for demos and presentations)

• Component version updates

  • #Arkime to v4.2.0
  • OpenSearch and OpenSearch Dashboards to 2.6.0
  • Logstash from v8.4.0 to v8.6.1
  • Beats to v8.6.2
  • Zeek to v5.0.7
  • OpenSearch-Py to v2.2.0 (and remove opensearch-dsl which is now part of opensearch-py)
  • Supercronic to v0.2.2
  • Capa to v5.0.0
  • Fluent Bit to v2.0.9
  • Version updates to various Python package dependencies

• Fixes

  • last few seconds' Zeek logs prior to log rotation may be lost (idaholab/Malcolm#151)
  • in ISO-packaged Malcolm installation scripts directory, symlink netbox-backup and netbox-restore to control.py
  • improve opensearchpy connect/health check logig in pcap_watcher.py in pcap-monitor container

#Malcolm #OpenSearch #Zeek #Arkime #Suricata #PCAP #NetworkTrafficAnalysis #CyberSecurity #Cyber #Infosec #GitHub #INL #DHS #CISA #CISAgov

One IP address keeps hammering me with CVE-2021-35394 every 4 hours... fortunately being dropped by #Suricata, but still WTF

Sometimes I like to read my #Suricata logs in #pfSense and occasionally see some neat things

Exciting news! We've launched a Discord server.
Join us and be part of the vibrant community we're building. Talk about Zeek, Suricata, SecOps, and
detection engineering.
https://vast.io/discord
#opensource #foss #cybersecurity #zeek #suricata #secops #secdataops

#SecurityOnion 2.3.210 now available including #Elastic 8.6.1, #Suricata 6.0.10, #Zeek 5.0.6, and more!
https://blog.securityonion.net/2023/02/security-onion-23210-now-available.html

Unfortunately, #suricata 7 does not compile on #debian 11 bullseye due to an older #rust version.

But since debian 12 bookworm is on its way, I hope to be able to compile it by the summer this year.

#OpenSource #NetworkSecurityMonitoring #IDS

Yesterday, #suricata 6.0.10 (stable) was released. Version 7 has a first release candidate:

#OpenSource #NetworkMonitoring #IDS

https://suricata.io/download/

#Suricata 6.0.10 is out:

https://forum.suricata.io/t/suricata-6-0-10-released/

https://github.com/OISF/suricata/releases/tag/suricata-6.0.10

Fucking #suricata fucking kicking me out of an #Overwatch comp match 😡😡😡😡😡

Our latest blog post is on VAST's new REST API plugin. Learn how VAST's architecture makes it easy to build and scale. Check out the examples for running a query or simply getting the status of your VAST node.
https://vast.io/blog/the-new-rest-api

#secops #dataengineering #zeek #suricata