Suricata anomaly detected from source IP address
Set up the suricata integration.
Goal
Detect when Suricata raises an anomaly-based detection.
Strategy
The rule monitors Suricata logs of the anomaly event type and triggers when an anomaly is reported for a source IP address.
Triage and response
- Investigate the anomaly generated from {{@network.client.ip}} by anomaly type {{@anomaly.type}} and anomaly event name {{@anomaly.event}}.
- Examine the reassembled traffic to understand the nature of the anomaly and determine whether it is due to benign network issues or malicious activity.
- If the anomalies are deemed malicious, take steps to block the offending traffic and strengthen network defences.
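As an added example (not code from the original rule page or from Suricata or Datadog), the following Python script parses Suricata EVE JSON log lines, keeps only records whose `event_type` is `anomaly`, and groups the anomaly type and event name per source IP. These are the same fields the rule's triage step surfaces as `{{@network.client.ip}}`, `{{@anomaly.type}}` and `{{@anomaly.event}}`. The sample log lines are constructed for the example; the field names (`src_ip`, `anomaly.type`, `anomaly.event`) follow Suricata's EVE anomaly record layout.

```python
"""Group Suricata EVE anomaly records by source IP for triage.

Added example; the sample lines below are constructed, not captured output.
"""
import json
from collections import defaultdict

# Constructed sample eve.json lines: two anomalies and one alert from 10.0.0.5,
# one decoder anomaly from 192.168.1.20, and one malformed line.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"anomaly",'
    '"src_ip":"10.0.0.5","src_port":44321,"dest_ip":"10.0.0.9","dest_port":80,'
    '"proto":"TCP","anomaly":{"type":"stream","event":"stream.pkt_invalid_ack",'
    '"layer":"proto_parser"}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","alert":{"signature":"placeholder"}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"anomaly",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP",'
    '"anomaly":{"type":"applayer","event":"applayer.wrong_protocol",'
    '"layer":"proto_detect"}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"anomaly",'
    '"src_ip":"192.168.1.20","dest_ip":"10.0.0.9","proto":"UDP",'
    '"anomaly":{"type":"decode","event":"decoder.udp.pkt_too_small",'
    '"layer":"packet"}}',
    'not json at all',
]


def parse_anomaly_events(lines):
    """Yield (src_ip, anomaly_type, anomaly_event) for each EVE anomaly record.

    Malformed lines, non-anomaly event types and records without a source IP
    are skipped rather than raising, so one bad line does not stop the scan.
    """
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if record.get("event_type") != "anomaly":
            continue
        src_ip = record.get("src_ip")
        if not src_ip:
            continue
        anomaly = record.get("anomaly") or {}
        yield src_ip, anomaly.get("type"), anomaly.get("event")


def anomalies_by_source(lines):
    """Return {src_ip: [(anomaly_type, anomaly_event), ...]} in log order."""
    grouped = defaultdict(list)
    for src_ip, anomaly_type, anomaly_event in parse_anomaly_events(lines):
        grouped[src_ip].append((anomaly_type, anomaly_event))
    return dict(grouped)


def anomaly_counts_by_source(lines):
    """Return {src_ip: number of anomaly records} for prioritising triage."""
    return {ip: len(events) for ip, events in anomalies_by_source(lines).items()}


def triage_lines(lines):
    """Render one triage line per anomaly, mirroring the rule's triage step."""
    return [
        f"Investigate the anomaly generated from {src_ip} "
        f"by anomaly type {anomaly_type} and anomaly event name {anomaly_event}"
        for src_ip, anomaly_type, anomaly_event in parse_anomaly_events(lines)
    ]


if __name__ == "__main__":
    for ip, count in anomaly_counts_by_source(SAMPLE_EVE_LINES).items():
        print(f"{ip}: {count} anomaly record(s)")
    for line in triage_lines(SAMPLE_EVE_LINES):
        print(line)
```

A source IP with several distinct anomaly types in a short window (for example both a stream and an application-layer anomaly, as 10.0.0.5 shows here) is worth examining before a single decoder anomaly, which is more often a benign truncated or malformed packet.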