Suricata will quite happily produce JSON (http://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html), which works nicely in the JSONMapParser. You can then use simple field transformations from that map. That said, I have seen a few people working on Suricata-specific parsers to make this even easier.
Simon

> On 17 Oct 2017, at 11:27, [email protected] <[email protected]> wrote:
>
> I would love to see one, and if it doesn't exist in the next few weeks I'm
> going to take a stab at it.
>
> Jon
>
> On Mon, Sep 25, 2017, 09:49 Carolyn Duby <[email protected]> wrote:
>
>> Is anyone working on a Suricata parser?
>>
>> https://suricata-ids.org/
>>
>> I was not able to find an enhancement request for it.
>>
>> Thanks
>> Carolyn
>>
> --
>
> Jon
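As an added illustration (not code from this thread or from Metron's own JSONMapParser), the Python below sketches what the map-parser-plus-field-transformation approach does with EVE output: unfold nested maps into dotted keys, rename Suricata fields to the canonical `ip_src_addr`/`ip_dst_addr`/`protocol` names, and convert the ISO-8601 timestamp to epoch milliseconds. The sample EVE lines, the rename table and the `parse_eve` helper are constructed assumptions for the example.

```python
import json
from datetime import datetime

# Constructed sample EVE JSON lines (not captured traffic): one alert, one flow record.
SAMPLE_EVE = """\
{"timestamp":"2017-10-17T11:27:03.123456+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51432,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2017-10-17T11:27:04.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51432,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"bytes_toserver":420}}
"""

# Assumed field transformations: Suricata EVE field -> canonical enrichment field name.
RENAMES = {
    "src_ip": "ip_src_addr", "dest_ip": "ip_dst_addr",
    "src_port": "ip_src_port", "dest_port": "ip_dst_port",
    "proto": "protocol",
}

def flatten(obj, prefix=""):
    """Unfold nested maps into dot-separated keys, e.g. alert.signature_id."""
    out = {}
    for k, v in obj.items():
        key = f"{prefix}{k}"
        if isinstance(v, dict):
            out.update(flatten(v, key + "."))
        else:
            out[key] = v
    return out

def eve_timestamp_ms(ts):
    """EVE timestamp (microseconds + numeric UTC offset) -> epoch milliseconds."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.timestamp()) * 1000 + dt.microsecond // 1000

def transform(raw_line):
    """Flatten one EVE record, apply the renames, normalise the timestamp."""
    flat = flatten(json.loads(raw_line))
    for old, new in RENAMES.items():
        if old in flat:
            flat[new] = flat.pop(old)
    flat["timestamp"] = eve_timestamp_ms(flat["timestamp"])
    flat["original_string"] = raw_line  # keep the untouched event for forensics
    return flat

def parse_eve(text):
    """Parse every non-blank EVE line; all event types are kept and tagged by event_type."""
    return [transform(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for rec in parse_eve(SAMPLE_EVE):
        print(rec["event_type"], rec["ip_src_addr"], rec.get("alert.signature"), rec["timestamp"])
```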
