Module for Suricata to read eve.json file and looking for specified alerts. If found it, then connect to router MikroTik via API and block the Attack with Firewall.
This is similar like ips-mikrotik-suricata but works with eve.json and not with barnyard2. https://github.com/elmaxid/ips-mikrotik-suricata
Changelog: 18 February 19: v1.1: Add SSH Support 31 October 18: v1.0
Requeriment:
** Features
Instalation
Once we have Suricata working and running on our network, the next step is the instalation of Suricata2MikroTik:
To install, Clone the repository and copy to /var/www/html/suricata2mikrotik
cd /var/www/html/
git clone https://github.com/elmaxid/Suricata2MikroTik
cd suricata2mikrotik
-- to Config
Edit the file config.php with DB and API Logins
Create the DB schema
mysql -u username -p < schema.sql
How work it
For run Suricata, you need to redirect the traffic from MikroTik RouterOS to Suricata server, to do it just use Packet Sniffer or Mangle Send To TZSP Action.