Suricata is a network intrusion detection system with a rule-matching engine that detects malicious traffic patterns. Additionally, Suricata generates various protocol and file logs. The EVE output is Suricata's unified format for logging all types of activity as a single stream of line-delimited JSON.
VAST has first-class support for importing Suricata EVE output. By inspecting the `event_type` field of each JSON record, VAST selects the matching one of the Suricata types it knows. Importing an `eve.log` involves specifying `suricata` as the import format:

```
vast import suricata < eve.log
```
The documentation for the `suricata` import format describes the command usage in more technical detail.
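As an added illustration of the `event_type` dispatch described above (example code written for this page, not code from VAST or Suricata), the Python below splits a constructed EVE stream into per-type buckets and rejects lines that are not JSON, carry no usable `event_type`, or lack the fields that type is expected to have. The `SCHEMAS` table is a hypothetical stand-in for the set of Suricata types an importer would know, and the sample records are constructed, not captured traffic.

```python
import json
from collections import Counter

# Constructed sample EVE lines (not real traffic). The last line is deliberately
# malformed to exercise the rejection path; sid 9000001 is in the local-rule range.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T00:00:00.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature_id":9000001,"signature":"CONSTRUCTED TEST alert","severity":2}}
{"timestamp":"2024-01-01T00:00:01.000000+0000","flow_id":2,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2024-01-01T00:00:02.000000+0000","flow_id":1,"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","flow":{"pkts_toserver":3,"pkts_toclient":2,"bytes_toserver":300,"bytes_toclient":200}}
{"timestamp":"2024-01-01T00:00:03.000000+0000","flow_id":3,"event_type":"stats","stats":{"uptime":10}}
this line is not JSON
"""

# Hypothetical per-type schema: each known event_type and the nested object
# Suricata emits under the same name. Unknown types are rejected, not guessed.
SCHEMAS = {
    "alert": ("alert",),
    "dns": ("dns",),
    "flow": ("flow",),
}

def demux_eve(text):
    """Route each EVE line to its event_type bucket.

    Returns (buckets, rejected): buckets maps event_type -> list of records,
    rejected counts why a line was dropped (invalid JSON, unknown type, or a
    known type missing its nested object).
    """
    buckets = {name: [] for name in SCHEMAS}
    rejected = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejected["invalid_json"] += 1
            continue
        kind = rec.get("event_type")
        if kind not in SCHEMAS:
            rejected["unknown_type:" + str(kind)] += 1
            continue
        if any(field not in rec for field in SCHEMAS[kind]):
            rejected["missing_field:" + kind] += 1
            continue
        buckets[kind].append(rec)
    return buckets, rejected

def flows_for_alerts(buckets):
    """Pair each alert with the flow record sharing its flow_id (None if absent)."""
    flows = {f["flow_id"]: f for f in buckets["flow"]}
    return {a["flow_id"]: flows.get(a["flow_id"]) for a in buckets["alert"]}
```

Pairing alerts with their flow records via `flow_id` is what lets an analyst see how much data crossed the connection that triggered a signature.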