Suricata management¶
Setup¶
The Suricata edit page allows you to setup the parameters of the Suricata.
The parameters are the following:
- Name: hostname of the probe, be sure it is matching value of host field in JSON events
- Descr: description of the suricata
- Rules directory: scirius.rules file will be created in this directory. Suricata must only use this file
- Suricata configuration file: used to detect some configuration settings
- Ruleset: choose the ruleset to use
Updating ruleset¶
To update Suricata ruleset, you can go to Suricata -> Update
(Update
being in the
Actions
menu). Then you have to select which action you want to do:
- Update: download latest version of the Sources used by the Ruleset
- Build: build a Suricata ruleset based on current version of the Sources
- Push: trigger a Suricata reload to have it running with latest build ruleset
You can also update the ruleset and trigger a Suricata reload by running
python manage.py updatesuricata