Suricata evangelist. Co-founder at @StamusN, QA lead/trainer at @OISFoundation, SEPTun co-author.Tweets are my own.
Feb 14, 2021 • 17 tweets • 18 min read
(1/of a few) Doing some training #threathunting runs with #suricata - with pcap from bit.ly/3jNUCyw
Fun fact: Alerts account for only 8% of the total logs produced - we also have protocol logs like Flow records, KRB5, SMB, DNS, TLS, HTTP, DCERPC, Fileinfo
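Added example, not part of the thread and not Suricata's or Stamus's own code: a small script that reads eve.json (the EVE format the tweet's protocol logs are written in), tallies the share of each event_type, and then uses the shared flow_id to pull the protocol records that sit next to an alert. The log lines are constructed for this example (the IPs, hostnames, SID 9000001 and the signature text are made up); only the field names follow the real EVE schema.

```python
"""Tally Suricata EVE event types and pivot from an alert to its protocol logs.

Added example (not from the thread). The eve.json lines below are constructed:
the field layout (event_type, flow_id, alert.signature_id, ...) follows the
EVE schema, but IPs, hostnames, the SID and the signature text are invented.
"""
import json
from collections import Counter, defaultdict

# Constructed eve.json sample: one JSON object per line, plus one deliberately
# broken line to show that a bad line is counted and skipped, not fatal.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2021-02-14T10:00:01.000000+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"host1.example.test","rrtype":"A"}}',
    '{"timestamp":"2021-02-14T10:00:02.000000+0000","flow_id":1002,"event_type":"dns","src_ip":"10.0.0.6","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"files.example.test","rrtype":"A"}}',
    '{"timestamp":"2021-02-14T10:00:03.000000+0000","flow_id":2001,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","http":{"hostname":"files.example.test","url":"/payload.exe","http_method":"GET","status":200}}',
    '{"timestamp":"2021-02-14T10:00:03.100000+0000","flow_id":2001,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":1,"signature":"CONSTRUCTED EXAMPLE executable download","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2021-02-14T10:00:03.200000+0000","flow_id":2001,"event_type":"fileinfo","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","fileinfo":{"filename":"/payload.exe","magic":"PE32 executable","size":4096}}',
    '{"timestamp":"2021-02-14T10:00:09.000000+0000","flow_id":2001,"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":14,"bytes_toserver":1500,"bytes_toclient":6200,"state":"closed"}}',
    '{"timestamp":"2021-02-14T10:00:04.000000+0000","flow_id":3001,"event_type":"tls","src_ip":"10.0.0.7","dest_ip":"203.0.113.20","proto":"TCP","tls":{"sni":"portal.example.test","version":"TLS 1.2"}}',
    '{"timestamp":"2021-02-14T10:00:10.000000+0000","flow_id":3001,"event_type":"flow","src_ip":"10.0.0.7","dest_ip":"203.0.113.20","proto":"TCP","flow":{"pkts_toserver":20,"pkts_toclient":22,"bytes_toserver":3000,"bytes_toclient":9000,"state":"closed"}}',
    '{"timestamp":"2021-02-14T10:00:05.000000+0000","flow_id":3002,"event_type":"tls","src_ip":"10.0.0.8","dest_ip":"203.0.113.21","proto":"TCP","tls":{"sni":"mail.example.test","version":"TLS 1.3"}}',
    '{"timestamp":"2021-02-14T10:00:06.000000+0000","flow_id":4001,"event_type":"smb","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","proto":"TCP","smb":{"command":"SMB2_COMMAND_TREE_CONNECT","share":"\\\\\\\\10.0.0.20\\\\ADMIN$","status":"STATUS_SUCCESS"}}',
    '{"timestamp":"2021-02-14T10:00:07.000000+0000","flow_id":4002,"event_type":"krb5","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","proto":"TCP","krb5":{"msg_type":"KRB_TGS_REQ","cname":"user1","realm":"EXAMPLE.TEST","sname":"cifs/fileserver.example.test"}}',
    '{"timestamp":"2021-02-14T10:00:08.000000+0000","flow_id":2002,"event_type":"http","src_ip":"10.0.0.6","dest_ip":"203.0.113.11","proto":"TCP","http":{"hostname":"www.example.test","url":"/index.html","http_method":"GET","status":200}}',
    'this line is not JSON and must be counted as skipped rather than abort the run',
])


def parse_eve(text):
    """Parse eve.json text into dicts; returns (records, skipped_line_count)."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(rec, dict) or "event_type" not in rec:
            skipped += 1
            continue
        records.append(rec)
    return records, skipped


def event_type_share(records):
    """Map event_type -> (count, percent of all records), percent to one decimal."""
    counts = Counter(r["event_type"] for r in records)
    total = sum(counts.values())
    if not total:
        return {}
    return {et: (n, round(100.0 * n / total, 1)) for et, n in counts.items()}


def index_by_flow(records):
    """Group records by flow_id; every EVE record of one flow shares this value."""
    by_flow = defaultdict(list)
    for r in records:
        if r.get("flow_id") is not None:
            by_flow[r["flow_id"]].append(r)
    return by_flow


def alert_context(records):
    """For each alert, list the non-alert event types logged on the same flow_id.

    This is the hunting pivot: the alert alone says 'executable download',
    the sibling http/fileinfo/flow records say what was fetched and how much
    data actually moved.
    """
    by_flow = index_by_flow(records)
    out = []
    for r in records:
        if r["event_type"] != "alert":
            continue
        siblings = sorted({s["event_type"] for s in by_flow[r["flow_id"]]
                           if s["event_type"] != "alert"})
        out.append({"flow_id": r["flow_id"],
                    "sid": r["alert"]["signature_id"],
                    "signature": r["alert"]["signature"],
                    "context": siblings})
    return out


if __name__ == "__main__":
    recs, bad = parse_eve(SAMPLE_EVE)
    print(f"{len(recs)} records parsed, {bad} bad line(s) skipped")
    for et, (n, pct) in sorted(event_type_share(recs).items(), key=lambda kv: -kv[1][0]):
        print(f"{et:10s} {n:3d} {pct:5.1f}%")
    for a in alert_context(recs):
        print(f"flow {a['flow_id']} sid {a['sid']} -> same-flow logs: {', '.join(a['context'])}")
```

On a real eve.json, run `parse_eve(open("/var/log/suricata/eve.json").read())`; the output of `event_type_share` is the same kind of breakdown as the tweet's 8% figure, and `alert_context` shows which protocol records to read next for each alert without touching the pcap.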
(2/of a few)
Just as regular protocol and flow logging of #Suricata gives us: