Skip to content

CybercentreCanada/assemblyline-service-suricata

Repository files navigation

Suricata Service

This service scans network capture files with signature and extract files from network capture.

NOTE: This service does not require you to buy any licence and is preinstalled and working after a default installation

Execution

The Suricata configuration file is available in suricata_.conf.suricata.yaml.

The ruleset(s) configured by default for use with this service are:

Organizations can add their own rulesets to this service.

Test if working

Inside the container run:

python -m assemblyline_v4_service.dev.run_service_once suricata_.suricata_.Suricata /tmp/testing.pcap