Skip to content

Install Instructions: Suricata Integration Prototype

Jump to bottom Edit New page
askkemp edited this page Jul 28, 2017 · 2 revisions

Suricata Integration Prototype (laika_redis_client.py)

We have released a proof of concept feature for Suricata that allows it to store extracted files and their associated metadata in a Redis database. You will find this code under a new branch in our Suricata fork. We hope to refine the implementation and eventually have it accepted by the project.

Once you've enabled file extraction and the optional Redis integration in Suricata, you can extract these files from Redis and submit them to Laika BOSS for scanning by using the middleware script laika_redis_client.py as shown below.

Note that it requires the python-redis module.

   pip install python-redis

First, start laikad.py in async mode:

./laikad.py -a

Then launch the middleware script and give it the address of the laikad broker and Redis database (defaults shown below):

./laika_redis_client.py -b tcp://localhost:5558 -r localhost -p 6379

Note that you will need to use a logging module such as LOG_FLUENT to export the full scan result of the these file scans from laikad.

Add a custom footer
Add a custom sidebar
Clone this wiki locally