/assemblyline-service-suricata

Assemblyline 4 network capture analysis service

Primary LanguagePythonMIT LicenseMIT

Suricata Service

This service scans network capture files with signature and extract files from network capture.

NOTE: This service does not require you to buy any licence and is preinstalled and working after a default installation

Execution

The Suricata configuration file is available in suricata_.conf.suricata.yaml.

The ruleset(s) configured by default for use with this service are:

Organizations can add their own rulesets to this service.

Test if working

Just inside the container run:

    python -m assemblyline_v4_service.dev.run_service_once suricata_.suricata_.Suricata /tmp/testing.pcap