{"id":28797514,"url":"https://github.com/albovo/suricata-testing","last_synced_at":"2025-08-17T21:15:12.854Z","repository":{"id":298525991,"uuid":"1000271774","full_name":"AlBovo/Suricata-Testing","owner":"AlBovo","description":"Setup Suricata in IDS mode (and IPS if needed) to protect a simulated industrial network.","archived":false,"fork":false,"pushed_at":"2025-06-11T14:26:50.000Z","size":81,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-19T05:52:35.706Z","etag":null,"topics":["cybersecurity","elasticsearch","ids","ips","logstash","network-security","pcto","suricata"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AlBovo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-11T14:19:11.000Z","updated_at":"2025-06-11T14:26:54.000Z","dependencies_parsed_at":"2025-06-11T16:11:05.794Z","dependency_job_id":"4f6507d9-df2b-47a0-89d0-b0d111a793b1","html_url":"https://github.com/AlBovo/Suricata-Testing","commit_stats":null,"previous_names":["albovo/suricata-testing"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/AlBovo/Suricata-Testing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlBovo%2FSuricata-Testing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlBovo%2FSuricata-Testing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlBovo%2FSuricata-Testing/releas
es","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlBovo%2FSuricata-Testing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AlBovo","download_url":"https://codeload.github.com/AlBovo/Suricata-Testing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlBovo%2FSuricata-Testing/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270907428,"owners_count":24665962,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","elasticsearch","ids","ips","logstash","network-security","pcto","suricata"],"created_at":"2025-06-18T04:31:05.472Z","updated_at":"2025-08-17T21:15:12.844Z","avatar_url":"https://github.com/AlBovo.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🛡️ Suricata-Testing 🛡️\n\n[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)\n[![GitHub Issues or Pull Requests](https://img.shields.io/github/issues/AlBovo/Suricata-Testing)](https://github.com/AlBovo/Suricata-Testing/issues)\n\n## 🎯 Objective\nSet up Suricata in IDS mode (and IPS if needed) to protect a simulated industrial network.\n\n## 🌐 Network structure\n     +-----+         +-----+   +-----+\n     |  A  |         |  B  |   |  U  |\n     +-----+         +-----+   +-----+ \n         \\             /         /\n          \\           /---------\n           \\         /\n             +-----+           +-----+\n             |  S  | --------- |  M  |\n             +-----+           +-----+\n                ⇅            /\n          .~~~~~~~~~~~.     /\n       .~~   INTERNET   ~~.\n      '~~~~~~~~~~~~~~~~~~~'\n\nS is the main router: Suricata runs on it and inspects the packets it forwards for potential threats. The ruleset is defined in `custom.rules`. To use it, uncomment the `suricata-update` line in `start.sh`.\n\n## 🚀 How to Run\n1.  **Build and start the services:**\n    ```bash\n    make\n    ```\n    Alternatively, use Docker Compose directly:\n    ```bash\n    docker-compose up -d --build\n    ```\n2.  **Open the GUI:**\n    Once the containers are up, the GUI is accessible at http://localhost:3000 (see the GUI section below for the dashboard setup).\n\n## 🧪 Tests\nThe scripts to run from the malicious container (M) are in the `scripts/` folder. They send requests to the internal network so that Suricata, running on S, sees the traffic. `U` is an unauthorized host: with the current rules, its requests are flagged.\n\n## 📊 GUI\nThe GUI is accessible at http://localhost:3000.\n\nThe data comes from Elasticsearch. To create the dashboard:\n1.  Add a new connection to the Elasticsearch instance at `http://elasticsearch:9200` (`elasticsearch` is the service hostname inside the Compose network, so use it from the GUI container rather than `localhost`).\n2.  Create the dashboard from that connection.\n\n## 📜 License\nThis project is licensed under the GNU Affero General Public License v3.0 - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbovo%2Fsuricata-testing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falbovo%2Fsuricata-testing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbovo%2Fsuricata-testing/lists"}
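The README's test procedure (run the `scripts/` from M, expect traffic from the unauthorized host U to be flagged by `custom.rules`) is easiest to verify directly on Suricata's EVE JSON output before it reaches Logstash and Elasticsearch. The script below is an added example and is not code from the Suricata-Testing repository: it reads EVE `alert` records, summarises them per source host and signature, and cross-checks them against the rules file to report which hosts were never flagged and which enabled rules never fired during the run. The EVE field names (`event_type`, `src_ip`, `alert.signature_id`) are Suricata's own; the IP addresses, rule text and sids in the embedded sample are constructed for this example, and `/var/log/suricata/eve.json` is Suricata's default log location, not necessarily where this project's container writes it.

```python
"""Check a Suricata test run from its EVE JSON output and its rules file.

Added example (not part of the Suricata-Testing project). Sample EVE lines
and rules below are constructed; real runs read eve.json and custom.rules.
"""
import json
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed EVE sample: two alerts from the "unauthorized host" (10.0.0.40),
# one flow record from an allowed host, one alert from an outside address,
# and a corrupt line of the kind a partially written eve.json can contain.
SAMPLE_EVE = """\
{"timestamp":"2025-06-11T14:30:01.000000+0000","event_type":"alert","src_ip":"10.0.0.40","dest_ip":"10.0.0.10","proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"CUSTOM Unauthorized host contacting PLC","severity":1}}
{"timestamp":"2025-06-11T14:30:02.000000+0000","event_type":"flow","src_ip":"10.0.0.11","dest_ip":"10.0.0.10","proto":"TCP"}
{"timestamp":"2025-06-11T14:30:03.000000+0000","event_type":"alert","src_ip":"10.0.0.40","dest_ip":"10.0.0.12","proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"CUSTOM Unauthorized host contacting PLC","severity":1}}
{"timestamp":"2025-06-11T14:30:04.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.10","proto":"TCP","alert":{"signature_id":1000002,"rev":1,"signature":"CUSTOM Modbus write from outside","severity":1}}
{"timestamp":"2025-06-11T14:30:05.000000+0000","event_type":"ale
"""

# Constructed rules file in Suricata syntax: one rule is commented out
# (disabled) and one enabled rule never fires in the sample above.
SAMPLE_RULES = """\
alert tcp 10.0.0.40 any -> $HOME_NET any (msg:"CUSTOM Unauthorized host contacting PLC"; sid:1000001; rev:1;)
alert tcp !$HOME_NET any -> $HOME_NET 502 (msg:"CUSTOM Modbus write from outside"; sid:1000002; rev:1;)
# alert tcp any any -> $HOME_NET 22 (msg:"CUSTOM disabled rule"; sid:1000003; rev:1;)
alert tcp $HOME_NET any -> !$HOME_NET 4444 (msg:"CUSTOM reverse shell port"; sid:1000004; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_alerts(lines: Iterable[str]) -> List[dict]:
    """Return EVE records of event_type 'alert'; skip blank or malformed lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: do not abort the whole check
        if rec.get("event_type") == "alert" and "alert" in rec:
            alerts.append(rec)
    return alerts


def alerts_by_host(alerts: Iterable[dict]) -> Dict[str, Dict[int, int]]:
    """Map src_ip -> {signature_id: number of alerts}."""
    summary: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for rec in alerts:
        summary[rec["src_ip"]][rec["alert"]["signature_id"]] += 1
    return {ip: dict(sigs) for ip, sigs in summary.items()}


def enabled_sids(rules_text: str) -> Set[int]:
    """Collect sids of rules that are not commented out."""
    sids = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SID_RE.search(line)
        if m:
            sids.add(int(m.group(1)))
    return sids


def unflagged_hosts(expected: Set[str], summary: Dict[str, Dict[int, int]]) -> Set[str]:
    """Hosts that should have been flagged but produced no alert (a rule gap)."""
    return expected - set(summary)


def rules_never_fired(rules_text: str, alerts: Iterable[dict]) -> Set[int]:
    """Enabled sids that produced no alert during the run (untested rules)."""
    fired = {rec["alert"]["signature_id"] for rec in alerts}
    return enabled_sids(rules_text) - fired


if __name__ == "__main__":
    # For a real run: alerts = parse_alerts(open("/var/log/suricata/eve.json"))
    alerts = parse_alerts(SAMPLE_EVE.splitlines())
    summary = alerts_by_host(alerts)
    for ip, sigs in sorted(summary.items()):
        print(ip, sigs)
    print("unflagged:", unflagged_hosts({"10.0.0.40", "203.0.113.5"}, summary) or "none")
    print("rules never fired:", rules_never_fired(SAMPLE_RULES, alerts) or "none")
```

Run it on the real files by pointing `parse_alerts` at the EVE log and `rules_never_fired` at `custom.rules`; a non-empty "unflagged" set after running the M scripts means a host the README expects to be caught (such as U) slipped through, and a non-empty "never fired" set lists rules the test traffic did not exercise. Disabled (commented) rules are ignored on purpose so they do not show up as false gaps.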