Security Monitoring

suricata security monitoring

What is Suricata?

Suricata is an open-source Intrusion Detection and Prevention System (IDS/IPS) developed by the Open Information Security Foundation (OISF). Its primary function is to inspect network traffic on one or more interfaces against a set of rules, such as those from the Emerging Threats Open ruleset. Whenever Suricata identifies an event that matches one of its rules, it generates an alert message. Suricata comes with a host of features designed to maximize network security, including multi-threading, automatic protocol detection and advanced flow handling. These features make Suricata a versatile and comprehensive IDS/IPS solution for organizations of all sizes.
Suricata's alerts and messages can be integrated seamlessly with the ServicePilot web interface in real time using syslog. This gives security administrators a unified view of security events, simplifying the process of managing and responding to security threats. It also leverages other ServicePilot features such as advanced alerting, Machine Learning analytics, custom maps, dashboards, automated PDF reporting and more.

How to monitor Suricata?

ServicePilot makes it easy to monitor Suricata, with minimal configuration required on the target device. A resource of the security-suricata package then needs to be added via the ServicePilot web interface.

ServicePilot automatically performs a pre-built search to count Suricata events by severity and includes a template dashboard for analyzing the data in the Suricata syslog messages sent to ServicePilot.

The built-in dashboard displays Suricata events by types, top alert messages and signatures, as well as alert classifications over time.

Sending Suricata events as syslog messages to ServicePilot provides a web-based console for viewing Suricata events, with built-in customizable dashboards, alerts and PDF reports, as well as other ServicePilot software features such as Machine Learning algorithms, tactical monitoring maps and custom searches.
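The severity and classification counts described above can be reproduced on the raw alert lines themselves. The following is an added example (not ServicePilot's own search definition) that parses the alert format Suricata writes to fast.log and to syslog, then aggregates by priority, classification and signature; the sample lines, host name and addresses are constructed, and the regular expression and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Suricata alert line as written to fast.log and to syslog. The "[**]" markers are
# optional so that both variants parse. Regex and names are this example's own.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+(?:\[\*\*\]\s+)?"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+\[Priority:\s*(?P<priority>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alert(line):
    """Return the alert fields of one line, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["priority"] = int(alert["priority"])          # 1 = highest severity
    alert["signature_id"] = f"{alert['gid']}:{alert['sid']}:{alert['rev']}"
    return alert

def summarize(lines):
    """Count alerts by priority and classification and rank signatures by hit count."""
    by_priority, by_class, by_sig = Counter(), Counter(), Counter()
    unparsed = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1                                # engine/status lines, not alerts
            continue
        by_priority[alert["priority"]] += 1
        by_class[alert["classification"]] += 1
        by_sig[(alert["signature_id"], alert["msg"])] += 1
    return {
        "by_priority": dict(by_priority),
        "by_classification": dict(by_class),
        "top_signatures": [(sid, msg, n) for (sid, msg), n in by_sig.most_common()],
        "unparsed": unparsed,
    }

# Constructed sample lines (not real captures); addresses are documentation ranges.
SAMPLE_LINES = [
    "Feb 18 10:15:02 sensor1 suricata[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234",
    "Feb 18 10:15:03 sensor1 suricata[1234]: [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.51.100.5:51234 -> 192.0.2.10:80",
    "02/18/2024-10:15:04.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.7:40000",
    "Feb 18 10:15:05 sensor1 suricata[1234]: This is Suricata version 6.0.0 RELEASE running in SYSTEM mode",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```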

How to install a suricata resource?

  1. Use your ServicePilot OnPremise installation or a SaaS account.
  2. Add a new suricata resource via the web interface (/prmviews or /prmresources) or via the API (/prmpackages page). The default ServicePilot agent, or another agent, is provisioned automatically.

Details of the suricata package are located in the /prmpackages page of the software.

Benefits

ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating Suricata data with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore our plans or contact us to find what works best for you.

Monitor SURICATA (1/2)

Monitor SURICATA (2/2)


SaaS Platform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • No on-premise software setup, servicing and configuration complexity
  • Instant setup, complete and pre-configured to ensure robust monitoring

OnPremise Platform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • Contracts and commitments over time (> 1 year)
  • Performance, Data Storage and Infrastructure Management
  • 2 additional solutions: VoIP and Mainframe monitoring