In Snort I can easily get the packet length attribute (pkt_len) related to an alert. However, in Suricata I don't see this information in the JSON alerts (from eve.json). How can I get this information?
I have a running IPS/IDS on an access point, and all traffic is going through this access point. Now, is there any way or tool to calculate the throughput of this IPS/IDS? Thanks in advance.
Could anyone please make a step by step guide of how to add Suricata-Update to the Suricata .msi installer for Windows?
note: Suricata is a free and open source, mature, fast and robust network threat detection engine (IDS, IPS).
The update tool for Linux is here; however, I couldn't find any tools for the Windows OS.
I use Suricata as an IDS on a local network that does not have internet access. It logged a few alerts from some clients that said
"A Network Trojan was detected." All of the log's properties are as follows:
Source: Client IP
Destination: Server IP
Signature: ET POLICY SMB2 NT Create AndX Request For an Executable File in a Temp Directory
Category: A Network Trojan was detected
I have Kaspersky antivirus that is kept updated, and I also have Malwarebytes that is updated too; however, they haven't detected any trojans.
Is this a false positive, or maybe a real trojan that the antimalware can't detect?
Server OS: Windows server 2012
Client OS: Windows 7 and 10
VirusTotal scans are detecting threats in the Suricata default rule pack located at https://rules.emergingthreats.net/open/suricata-4.0/
Is this a false positive? https://www.virustotal.com/#/file/c20b744a3ca4d8fef3fa23633db7e94edd064d5ea149be0a4ce063a85046b76f/detection https://www.virustotal.com/#/url/bad1ab778b89d4f8a0a42d0df8b09e37d9ba0e2cffb6169b423e63f9a9fdcafa/detection