https://github.com/StamusNetworks/suricata-analytics
- Host: GitHub
- URL: https://github.com/StamusNetworks/suricata-analytics
- Owner: StamusNetworks
- Created: 2022-03-16T13:45:51.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2025-01-22T16:00:00.000Z (4 months ago)
- Last Synced: 2025-01-22T17:18:52.820Z (4 months ago)
- Language: Jupyter Notebook
- Size: 8.98 MB
- Stars: 31
- Watchers: 8
- Forks: 10
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-suricata - Suricata Analytics - Various resources that are useful when interacting with Suricata data. (Analysis Tools)
README
# Suricata Analytics
## Summary
This repository contains various resources that are useful when interacting with Suricata data.
## Jupyter
[Project Jupyter](https://jupyter.org/) provides an interactive data analytics environment. We provide threat hunting and data exploration notebooks, located under `jupyter/Notebooks`. Those notebooks are designed to interact with [Scirius](https://github.com/StamusNetworks/scirius) REST API endpoints using the `python/surianalytics` data connectors.
## Getting started
### Connection prep
Firstly, set up authentication parameters for connecting to SCS or ClearNDR.
```
cp .env.example .env
```

Edit the `.env` file.
```
# This is the scirius API token you can generate under Account Settings -> Edit Token
SCIRIUS_TOKEN=
# This points to SELKS / Scirius / SSP manager instance
SCIRIUS_HOST=
# Set to "no" if your SELKS / Scirius / SSP manager uses self-signed HTTPS certificate
SCIRIUS_TLS_VERIFY=yes
```

More detailed info about generating the token can be found in the [embedded blog post](/jupyter/Notebooks/blogs/playbooks-scirius/JupyterPlaybooksForScirius.ipynb).
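The three settings above are all the connector needs, but two of them deserve care: the token is a bearer credential for the Scirius API, and `SCIRIUS_TLS_VERIFY=no` turns off certificate verification for every request that carries it. The following is an added example, not part of this repository or of the `surianalytics` library: a small standard-library loader that reads a `.env` file in the format shown, fails fast on missing or malformed values, maps `yes`/`no` to a boolean, warns when verification is disabled, and keeps the token out of `repr()` so it does not leak into notebook output or tracebacks. The sample `.env` contents and the host name are constructed for illustration.

```python
import warnings
from dataclasses import dataclass, field

# Constructed sample: a filled-in .env in the format documented in the README.
SAMPLE_ENV = """\
# This is the scirius API token you can generate under Account Settings -> Edit Token
SCIRIUS_TOKEN=0123456789abcdef-example-token
# This points to SELKS / Scirius / SSP manager instance
SCIRIUS_HOST=https://scirius.example.internal
# Set to "no" if your SELKS / Scirius / SSP manager uses self-signed HTTPS certificate
SCIRIUS_TLS_VERIFY=no
"""


def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser: skips blank lines and '#' comments,
    splits on the first '=', and strips one layer of matching quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed .env line: {raw!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key] = value
    return values


@dataclass
class SciriusSettings:
    host: str
    # repr=False keeps the credential out of print(), logs and tracebacks.
    token: str = field(repr=False)
    tls_verify: bool = True


def load_settings(env: dict) -> SciriusSettings:
    """Validate the parsed .env mapping and return typed settings.
    Only the three keys named in the README are consulted."""
    host = env.get("SCIRIUS_HOST", "").strip()
    token = env.get("SCIRIUS_TOKEN", "").strip()
    if not host:
        raise ValueError("SCIRIUS_HOST is not set")
    if not token:
        raise ValueError(
            "SCIRIUS_TOKEN is not set; generate one under Account Settings -> Edit Token"
        )
    verify_raw = env.get("SCIRIUS_TLS_VERIFY", "yes").strip().lower()
    if verify_raw not in ("yes", "no"):
        raise ValueError(f"SCIRIUS_TLS_VERIFY must be 'yes' or 'no', got {verify_raw!r}")
    tls_verify = verify_raw == "yes"
    if not tls_verify:
        # Disabling verification means the token is sent to whoever answers
        # for this host name; acceptable only for a known self-signed lab box.
        warnings.warn(f"TLS certificate verification disabled for {host}", stacklevel=2)
    return SciriusSettings(host=host.rstrip("/"), token=token, tls_verify=tls_verify)


def load_settings_from_file(path: str = ".env") -> SciriusSettings:
    """Convenience wrapper: read the file and run both stages."""
    with open(path, encoding="utf-8") as fh:
        return load_settings(parse_dotenv(fh.read()))


if __name__ == "__main__":
    settings = load_settings(parse_dotenv(SAMPLE_ENV))
    print(settings)  # token is omitted from the repr
```

The resulting `tls_verify` boolean is what you would pass as the `verify` argument of an HTTP client; a better long-term fix for a self-signed instance is to point `verify` at the instance's CA certificate file instead of setting it to `no`.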
### Setting up the python helper
We provide a python library that implements data connector, widgets and various helpers. A clean python virtual environment is recommended.
```
python -m venv .venv
source .venv/bin/activate
pip install .
```

This will set up the helper along with most of the dependencies we use in the notebooks. It does not install Jupyter Notebook or JupyterLab itself; Jupyter is just a tool for interacting with our data connector, not a hard requirement, so the embedded library can be used regardless of editor. We do provide a simple requirements file for environment setup.
```
pip install -r requirements.txt
```