ids.suricata

Introduction

The tags beginning with ids.suricata identify events generated by Suricata.

The full tag must have 3 levels. The first two are fixed as ids.suricata. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
Suricata threat detection engine	`ids.suricata.alert`	`ids.suricata.alert`
	`ids.suricata.dns`	`ids.suricata.dns`
	`ids.suricata.dns.json`	`ids.suricata.dns`
	`ids.suricata.events`	`ids.suricata.events`
	`ids.suricata.fast`	`ids.suricata.fast`
	`ids.suricata.fileinfo`	`ids.suricata.fileinfo`
	`ids.suricata.files`	`ids.suricata.files`
	`ids.suricata.ftp`	`ids.suricata.ftp`
	`ids.suricata.ftp_data`	`ids.suricata.ftp_data`
	`ids.suricata.http`	`ids.suricata.http`
	`ids.suricata.http.json`	`ids.suricata.http`
	`ids.suricata.ikev2`	`ids.suricata.ikev2`
	`ids.suricata.smb`	`ids.suricata.smb`
	`ids.suricata.smtp`	`ids.suricata.smtp`
	`ids.suricata.ssh`	`ids.suricata.ssh`
	`ids.suricata.stats`	`ids.suricata.stats`
	`ids.suricata.stdout`	`ids.suricata.stdout`
	`ids.suricata.tftp`	`ids.suricata.tftp`

For more information, read more About Devo tags.

These are the fields displayed in these tables: