Suricata Sample Event Message

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Suricata sample message when you use the Syslog protocol

The following sample event message shows that Suricata detected that malware was being downloaded by an HTTP request.

Table 1: Highlighted fields in the Suricata event

JSA field name       Highlighted payload field name
Event ID             gid + ":" + signature_id
Source IP            src_ip
Source Port          src_port
Destination IP       dest_ip
Destination Port     dest_port
Protocol             proto
Device Time          timestamp
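As an added example (not code from the JSA documentation or from Suricata), the following Python takes a constructed Suricata EVE JSON alert delivered over syslog, strips the carriage return and line feed characters the note above refers to, and applies the Table 1 field mapping to produce the JSA fields. It assumes that gid and signature_id sit under the nested "alert" object, as they do in Suricata's EVE JSON format; the addresses, signature and hostname are made up.

```python
import json

# Constructed Suricata EVE JSON alert as it could arrive over syslog, after a
# text editor wrapped it with CR/LF (the situation the note above describes).
# Addresses use RFC 5737 test ranges; the signature and host are invented.
SAMPLE_SYSLOG_LINE = (
    '<13>Jan  1 12:00:00 sensor01 suricata: '
    '{"timestamp":"2024-01-01T12:00:00.123456+0000","event_type":"alert",\r\n'
    '"src_ip":"198.51.100.23","src_port":44321,"dest_ip":"203.0.113.7",\r\n'
    '"dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,\r\n'
    '"signature_id":9000001,"rev":2,"signature":"CONSTRUCTED malware download",\r\n'
    '"category":"A Network Trojan was detected","severity":1},\r\n'
    '"http":{"hostname":"example.test","url":"/payload.bin","http_method":"GET"}}'
)


def normalize(raw: str) -> str:
    """Drop the carriage return / line feed characters the note says to remove."""
    return raw.replace("\r", "").replace("\n", "")


def extract_event(line: str) -> dict:
    """Skip the syslog header and decode the JSON object that follows it."""
    start = line.find("{")
    if start < 0:
        raise ValueError("no JSON object in line")
    event, _ = json.JSONDecoder().raw_decode(line, start)
    return event


def map_to_jsa(event: dict) -> dict:
    """Apply the Table 1 mapping. Assumption: gid and signature_id are nested
    under the "alert" object, as in Suricata's EVE JSON alert records."""
    alert = event.get("alert") or {}
    gid, sid = alert.get("gid"), alert.get("signature_id")
    if gid is None or sid is None:
        raise ValueError("not an alert event: gid/signature_id missing")
    return {
        "Event ID": f"{gid}:{sid}",  # gid + ":" + signature_id
        "Source IP": event["src_ip"],
        "Source Port": event["src_port"],
        "Destination IP": event["dest_ip"],
        "Destination Port": event["dest_port"],
        "Protocol": event["proto"],
        "Device Time": event["timestamp"],
    }


def jsa_fields_from_syslog(raw: str) -> dict:
    """End to end: remove CR/LF, parse the JSON payload, map to JSA fields."""
    return map_to_jsa(extract_event(normalize(raw)))


if __name__ == "__main__":
    for name, value in jsa_fields_from_syslog(SAMPLE_SYSLOG_LINE).items():
        print(f"{name:17} {value}")
```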