Analyst1 Suricata

The Analyst1 Suricata integration is designed to fetch Suricata rules from a specified sensor, of type “Suricata”, within the Analyst1 platform.

If ‘interval_hours’ is set to 0, the integration will attempt to download additional content each time the Corelight-update service runs. See General settings.

Once downloaded, the ruleset will be processed with the rulesets from all other sources.

Settings

analyst1_suricata:
  client_id: ""                # Analyst1 API Client ID
  client_secret: ""            # Analyst1 API Secret
  encrypted_client_secret: ""  # Encrypted Analyst1 API Secret (use either client_secret or encrypted_client_secret)
  url: ""                      # Analyst1 Base URL
  enabled: false               # Set to true to activate this integration
  suricata_sensor_id: 0        # Sensor ID with type Suricata
  debug: false                 # Verbose logging for this integration
  ignore_tls: false            # Skip TLS certificate verification of the Analyst1 server (leave false)
  request_limit: 1000
  interval_hours: 1            # Hours between downloads; 0 downloads on every Corelight-update run
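A pre-flight check for the block above, written as an added example (not part of Corelight-update or Analyst1): it enforces the stated rule that exactly one of client_secret / encrypted_client_secret is set, requires a sensor ID and an HTTPS base URL, and flags ignore_tls. The function name, the sample config values and the placeholder credential are assumptions made for the example.

```python
from urllib.parse import urlparse


def validate_analyst1(cfg: dict) -> list:
    """Return findings for an analyst1_suricata block; an empty list means it is usable."""
    findings = []
    if not cfg.get("enabled", False):
        return findings  # a disabled block is never used, so nothing to check

    if not cfg.get("client_id"):
        findings.append("client_id is empty")

    # The settings reference allows one secret form, not both and not neither.
    has_plain = bool(cfg.get("client_secret"))
    has_enc = bool(cfg.get("encrypted_client_secret"))
    if has_plain == has_enc:
        findings.append("set exactly one of client_secret or encrypted_client_secret")

    url = urlparse(cfg.get("url", ""))
    if not url.scheme or not url.netloc:
        findings.append("url must be an absolute Analyst1 base URL")
    elif url.scheme != "https":
        findings.append("url should use https; API credentials travel with every request")

    sensor = cfg.get("suricata_sensor_id", 0)
    if not isinstance(sensor, int) or isinstance(sensor, bool) or sensor <= 0:
        findings.append("suricata_sensor_id must be the numeric id of a sensor of type Suricata")

    if cfg.get("ignore_tls", False):
        findings.append("ignore_tls is true: server certificate is not verified")

    interval = cfg.get("interval_hours", 1)
    if not isinstance(interval, int) or interval < 0:
        findings.append("interval_hours must be a non-negative integer (0 = every run)")
    return findings


# Constructed sample mirroring the shape of the settings block; the credential is a placeholder.
SAMPLE_CFG = {
    "client_id": "example-client-id",
    "client_secret": "",
    "encrypted_client_secret": "ENC[placeholder]",
    "url": "https://analyst1.example.invalid",
    "enabled": True,
    "suricata_sensor_id": 42,
    "debug": False,
    "ignore_tls": True,
    "request_limit": 1000,
    "interval_hours": 0,
}

if __name__ == "__main__":
    for finding in validate_analyst1(SAMPLE_CFG):
        print("finding:", finding)
```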