Suricata Integration

[mavam]

Suricata generates network metadata and also applies rules that raise alerts if they match the traffic. The Suricata App acts as intermediary to translate threat data from the fabric and dynamically inject it into a running Suricata process.

:100: Definition of Done

• [ ] The app pushes rules from the fabric into a running Suricata process
  • [ ] Extract Suricata rules from STIX Indicator SDO
  • [ ] Maintain a rule file
  • [ ] Use the domain socket to trigger reloads
• [ ] The app publishes Suricata alerts to the fabric
• [ ] The app injects STIX Observed Data into Suricata datasets

[dominiklohmann]

Closing as we are not currently pursuing this.