{"id":18408280,"url":"https://github.com/protectwise/suricata-ipc","last_synced_at":"2025-04-07T08:33:01.693Z","repository":{"id":53294075,"uuid":"213186777","full_name":"protectwise/suricata-ipc","owner":"protectwise","description":"IPC Packet Sharing with Suricata","archived":false,"fork":false,"pushed_at":"2021-03-31T19:46:48.000Z","size":4258,"stargazers_count":5,"open_issues_count":1,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-22T16:02:10.890Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/protectwise.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING","funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-06T14:49:47.000Z","updated_at":"2024-06-12T05:45:58.000Z","dependencies_parsed_at":"2022-08-19T19:20:45.917Z","dependency_job_id":null,"html_url":"https://github.com/protectwise/suricata-ipc","commit_stats":null,"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protectwise%2Fsuricata-ipc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protectwise%2Fsuricata-ipc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protectwise%2Fsuricata-ipc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protectwise%2Fsuricata-ipc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/protectwise","download_url":"https://codeload.github.com/protectwise/suricata-ipc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247620834,"owners_count":20968295,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T03:18:07.622Z","updated_at":"2025-04-07T08:32:56.683Z","avatar_url":"https://github.com/protectwise.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# suricata-ipc\n\nLibrary to enable packet sharing with suricata, and reading alerts from an eve\nsocket. Alerts read can then use an intel cache to determine additional metadata\nabout them.\n\n```rust\nuse suricata_ipc::prelude::*;\n\n#[tokio::main]\nasync fn main() {\n    let rules = Rules::from_path(\"my.rules\").expect(\"Failed to parse rules\");\n    let config = Config::default();\n    let rules = Rules::from_path(resources.join(\"test.rules\")).expect(\"Could not parse rules\");\n    let cache: IntelCache\u003cRule\u003e = rules.into();\n    cache.materialize_rules(config.rule_path.clone()).expect(\"Failed to materialize rules\");\n\n    let mut ids = Ids::new(config).await.expect(\"Failed to create ids\");\n    let ids_alerts = ids.take_alerts().expect(\"No alerts\");\n\n    send_packets(\u0026mut ids).await.expect(\"Failed to send packets\");\n\n    let alerts: Result\u003cVec\u003c_\u003e, Error\u003e = ids_alerts.try_collect().await;\n    let alerts: Result\u003cVec\u003c_\u003e, Error\u003e = alerts.expect(\"Failed to receive alerts\")\n        .into_iter().flat_map(|v| v).collect();\n    let alerts = alerts.expect(\"Failed to parse alerts\");\n\n    for eve in alerts {\n        println!(\"Eve={:?}\", eve);\n        if let Some(intel) = cache.observed(eve) {\n            if let Observed::Alert { rule, message: _ } = intel {\n                println!(\"Rule={:?}\", rule);\n            }\n        }\n    }\n}\n```\n\n## Develop With Docker\nInstall [lefthook](https://github.com/Arkweid/lefthook/blob/master/docs/full_guide.md). You can then run\n\n    lefthook run develop\n    \n## Building IPC Plugin\nRefer to [IPC Plugin Readme](plugins/ipc-plugin/README.md) for instructions. You will need the IPC plugin\nto use suricata-ipc. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprotectwise%2Fsuricata-ipc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprotectwise%2Fsuricata-ipc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprotectwise%2Fsuricata-ipc/lists"}