StamusNetworks / scirius

Scirius is a web application for Suricata ruleset management and threat hunting.
GNU General Public License v3.0

Whether the alarm or rule data is stored in the ES? #139

Closed orright closed 6 years ago

orright commented 6 years ago

I installed Scirius alone but did not install ES. I sent a test log to Suricata, which also triggers an alert. fast.log and eve.json have records, but I do not see them in Scirius.

pevma commented 6 years ago

Scirius queries its data from ES. If you don't have one, that would explain the empty graphs/logs in Scirius.