kodegeek · @josevnz
41 followers · 214 posts · Server fosstodon.org

Busy working on important refactoring and bug-fixes for SuricataLog. It's been a while and the project needs some love.

So far changes looking good.

#python #pypi #suricata #suricatalog

Last updated 1 year ago

kodegeek · @josevnz
41 followers · 214 posts · Server fosstodon.org

So cool, first person to report a serious bug on SuricataLog! Reproduced the bug, fixed it and uploaded to PyPI:

pypi.org/project/SuricataLog/

#python #pypi #suricata

Last updated 1 year ago

Jan ☕🎼🎹☁️ · @jan
440 followers · 4362 posts · Server fedi.kcore.org

Staring at logs... Is there any good tool out there to visualise those?

#suricata #eve #netflow

Last updated 1 year ago

Mr.Trunk · @mrtrunk
4 followers · 5278 posts · Server dromedary.seedoubleyou.me

SecurityOnline: Suricata 7.0 releases: network IDS, IPS and NSM engine securityonline.info/suricata/

#suricata #defense

Last updated 1 year ago

Marko Jahnke · @markojahnke
114 followers · 365 posts · Server bonn.social

I actually missed the versions after 6.0.10. I was almost sure that prior to the stable switch to 7, there were no more updates to 6.

I was wrong. Now current stable is 6.0.13, and 7.0.0 is on rc2. Thanks to the suricata team.

suricata.io/download/

#suricata #opensource #ids

Last updated 1 year ago

Sylvain Jones :co_avalanche: · @hashfastr
78 followers · 928 posts · Server an.exchange

Thanks for putting executable shell code in the game! My loves it and produces a shot of lag whenever it happens!

#dmz #suricata

Last updated 1 year ago

Tony🆎 · @akatonyab
83 followers · 109 posts · Server masto.es
Peter Czanik · @PCzanik
266 followers · 367 posts · Server fosstodon.org

"Analyze your logs in real-time using " is still one of my favorite blogs after five years. We now have a new destination, but for the rest it shows that syslog-ng not just stores logs, but also processes them in many ways.

syslog-ng.com/community/b/blog

#suricata #syslog_ng #elasticsearch

Last updated 2 years ago

Matt Franz · @mdfranz
233 followers · 637 posts · Server infosec.exchange

Look what came today! Did a quick install with but ended up going with 12.4

Replaced the Pi4 Bridge and now compiling Suricata 6.0.10 because the pkg doesn't have Redis logging support

#openbsd #freebsd #suricata

Last updated 2 years ago

Malcolm v23.03.0 is a release with enhancements, component version updates and bug fixes.

Malcolm is a powerful, easily deployable (via Docker) network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

  • Enhancements

    • Replace Zeek's misc/scan.zeek with ncsa/bro-simple-scan
    • terminate start and restart scripts once Malcolm has started properly (cisagov/Malcolm#240 and cisagov/Malcolm#241, thanks @Njinx)
    • minor usability improvements for ISO-installed Malcolm and Hedgehog (idaholab/Malcolm#155)
      • Added a "Configure Malcolm" menu item (under the "Internet" GTK menu with the other Malcolm stuff) and launcher on the top panel of icons in Malcolm. This runs ./scripts/install.py --configure in full screen. May look at starting this automatically on first boot in the future. (Malcolm)
      • Added Malcolm shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Malcolm)
      • Added /opt/sensor/sensor_ctl shortcut to gtk-3.0/bookmarks so it shows up in Thunar sidebar (Hedgehog)
      • Have tilix from launcher panel start in /opt/sensor/sensor_ctl (Hedgehog)
    • minor tweaks to defaults for install.py --configure (enable offline-capable file scanners by default)
    • interrupt startup import script when netbox-restore is run
    • added NetBox restore logic to reset_and_auto_populate.sh script (used mostly for demos and presentations)
  • Component version updates

  • Fixes

    • last few seconds' Zeek logs prior to log rotation may be lost (idaholab/Malcolm#151)
    • in ISO-packaged Malcolm installation scripts directory, symlink netbox-backup and netbox-restore to control.py
    • improve opensearchpy connect/health check logic in pcap_watcher.py in pcap-monitor container

#netbox #arkime #malcolm #opensearch #zeek #suricata #pcap #networktrafficanalysis #cybersecurity #cyber #infosec #github #inl #dhs #cisa #CISAgov

Last updated 2 years ago

Emily🏳️‍⚧️ · @emily
384 followers · 1081 posts · Server hackaday.social

One IP address keeps hammering me with CVE-2021-35394 every 4 hours... fortunately being dropped by , but still WTF

#suricata

Last updated 2 years ago

Emily🏳️‍⚧️ · @emily
384 followers · 1081 posts · Server hackaday.social

Sometimes I like to read my logs in and occasionally see some neat things

#suricata #pfSense

Last updated 2 years ago

Tenzir · @Tenzir
9 followers · 12 posts · Server infosec.exchange

Exciting news! We've launched a Discord server.
Join us and be part of the vibrant community we're building. Talk about Zeek, Suricata, SecOps, and detection engineering.
vast.io/discord

#opensource #foss #cybersecurity #zeek #suricata #secops #secdataops

Last updated 2 years ago

Security Onion 🧅​ · @securityonion
1154 followers · 71 posts · Server infosec.exchange
Marko Jahnke · @markojahnke
98 followers · 302 posts · Server bonn.social

Unfortunately, 7 does not compile on 11 bullseye due to an older version.

But since debian 12 bookworm is on its way, I hope to be able to compile it by the summer this year.

#suricata #debian #rust #opensource #networksecuritymonitoring #ids

Last updated 2 years ago

Marko Jahnke · @markojahnke
98 followers · 301 posts · Server bonn.social

Yesterday, 6.0.10 (stable) was released. Version 7 has a first release candidate:

suricata.io/download/

#suricata #opensource #NetworkMonitoring #ids

Last updated 2 years ago

Victor Julien · @inliniac
61 followers · 15 posts · Server mastodon.social
Sylvain Jones :zia: · @hashfastr
62 followers · 386 posts · Server an.exchange

Fucking fucking kicking me out of a comp match 😡😡😡😡😡

#suricata #overwatch

Last updated 2 years ago

Tenzir · @Tenzir
8 followers · 11 posts · Server infosec.exchange

Our latest blog post is on VAST's new REST API plugin. Learn how VAST's architecture makes it easy to build and scale. Check out the examples for running a query or simply getting the status of your VAST node.
vast.io/blog/the-new-rest-api

#secops #dataengineering #zeek #suricata

Last updated 2 years ago