This service scans network capture files against Suricata signatures and extracts the files carried in the capture.
NOTE: This service does not require you to buy any licence; it is preinstalled and working after a default installation.
The Suricata configuration file is available at suricata_.conf.suricata.yaml.
The ruleset(s) configured by default for use with this service are:
Organizations can add their own rulesets to this service.
To run the service once against a capture file, execute the following inside the container:
python -m assemblyline_v4_service.dev.run_service_once suricata_.suricata_.Suricata /tmp/testing.pcap