Suricata


Suricata is a network intrusion detection system with a rule matching engine to detect malicious traffic patterns. Additionally, Suricata generates various protocol and file logs. The EVE output is Suricata's unified format to log all types of activity as a single stream of line-delimited JSON.

VAST has first-class support for importing Suricata EVE output. By inspecting the event_type field of each JSON line, VAST selects the matching type from its Suricata schema (for example, an alert event is stored with the alert type).

Importing an eve.log involves specifying suricata as the import format:

vast import suricata < eve.log

The documentation for the suricata import format describes the command usage in more technical detail.
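To make the dispatch-on-event_type idea concrete, here is an added example that is not VAST's code and does not use VAST's actual schema: a small Python reader that consumes line-delimited EVE JSON, picks a per-event_type field set, and reports which lines would have been accepted and which rejected. The REQUIRED_FIELDS table and the sample EVE lines are constructed for illustration, and the rejection reasons are the kinds of input problems (malformed JSON, unknown event_type, missing fields) a defender wants surfaced rather than silently dropped when feeding an IDS log into a store.

```python
"""Hypothetical illustration of how an EVE consumer can dispatch on event_type.

Added example, not VAST's importer: it reads line-delimited EVE JSON, selects
a per-event_type field set, and separates accepted lines from rejected ones.
"""
import json
from collections import Counter

# Constructed subset of required fields per event_type (an assumption for this
# example, not VAST's real Suricata schema).
REQUIRED_FIELDS = {
    "alert": {"timestamp", "src_ip", "dest_ip", "alert"},
    "dns": {"timestamp", "src_ip", "dest_ip", "dns"},
    "flow": {"timestamp", "src_ip", "dest_ip", "flow"},
    "http": {"timestamp", "src_ip", "dest_ip", "http"},
}

# Constructed sample EVE lines (not real captures): three good events, one
# flow event with missing fields, one unknown event_type, one non-JSON line.
SAMPLE_EVE = """\
{"timestamp":"2021-01-01T00:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature":"Constructed test rule","severity":2}}
{"timestamp":"2021-01-01T00:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","rrname":"example.test"}}
{"timestamp":"2021-01-01T00:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","flow":{"pkts_toserver":3}}
{"timestamp":"2021-01-01T00:00:03.000000+0000","event_type":"flow","src_ip":"10.0.0.5"}
{"timestamp":"2021-01-01T00:00:04.000000+0000","event_type":"unknown_type","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}
not json at all
"""


def classify_line(line):
    """Return (event_type, reason); reason is None when the line is accepted."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None, "invalid JSON"
    if not isinstance(event, dict):
        return None, "not a JSON object"
    event_type = event.get("event_type")
    if event_type not in REQUIRED_FIELDS:
        return event_type, "unknown event_type"
    missing = REQUIRED_FIELDS[event_type] - event.keys()
    if missing:
        return event_type, "missing fields: " + ", ".join(sorted(missing))
    return event_type, None


def import_eve(text):
    """Dispatch each non-empty line; return (accepted counts, rejected lines)."""
    accepted = Counter()
    rejected = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        event_type, reason = classify_line(line)
        if reason is None:
            accepted[event_type] += 1
        else:
            rejected.append((lineno, event_type, reason))
    return accepted, rejected


if __name__ == "__main__":
    counts, bad = import_eve(SAMPLE_EVE)
    for et, n in sorted(counts.items()):
        print(f"{et}: {n} event(s)")
    for lineno, et, reason in bad:
        print(f"line {lineno} ({et}): rejected, {reason}")
```

Running the script on the constructed input accepts one alert, one dns and one flow event and rejects the remaining three lines with a reason each, which is the property a practitioner should also check on a real eve.log before trusting the imported counts.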