cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Suricata -> Moloch SID/Signature Name Link Flow Not Working #1214

Open keithjjones opened 7 years ago

keithjjones commented 7 years ago

If you click on "SID" or the signature name for Suricata alerts, the Moloch trace appears to be empty. I can't find any in the handful of malware I ran through it that populated Moloch so that the SID or signature finds it. I see data in Moloch when I click on the link for an IP address from the Suricata tab, so it is being populated, but not for the SID or signature links.

jbremer commented 7 years ago

Thanks. We should definitely be revisiting the Suricata integration sometime these days :-)