Suricata IDS/IPS log analytics using the Elastic Stack.
sýnesis™ Lite for Suricata v1.1.0 provides support Elastic Stack 7.x. The support for document types has been completely removed in Elasticsearch 7.0.0. This has required changes to the index templates provided with sýnesis™ Lite for Suricata. You MUST first successfully upgrade to Elastic Stack 7.0.x PRIOR to using sýnesis™ Lite for Suricata v1.1.0.
v1.0.1 is a patch release. No migration of data is necessary from v1.0.0 to v1.0.1.
This release fixes a few minor bugs and updates the IP reputation dictionary, as well as the GeoIP DBs.
This is the initial release of sýnesis™ Lite for Suricata. It provides basic log analytics for Suricata IDS/IPS using the Elastic Stack. It is a solution for the collection and analysis of Suricata "eve" JSON logs. This includes alerts, flows, http, dns, statistics and other log types.