Suricata for All (S4A) is a distributed intrusion detection system (IDS). It utilizes open source software components to monitor, analyse and capture network traffic to detect possible intrusions.
Docs are located at: docs.s4a.cert.ee
Salt reactor mappings (event tag to reactor SLS file):

```yaml
- 'vpn/s4a/serial':
  - /srv/reactor/vpn.sls
- 'salt/beacon/*/inotify//etc/openvpn/keys':
  - /srv/reactor/sign_crt.sls
```
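To see how these two mappings dispatch events, here is an added Python example (not S4A's or Salt's own code) that models Salt's reactor tag matching with `fnmatch` over the mappings above and pulls the minion id and watched path out of an inotify beacon tag; the sample tags and the minion id `detector01` are constructed for the example.

```python
import fnmatch
from typing import List, Optional, Tuple

# Reactor mappings exactly as listed on this page: event-tag glob -> reactor SLS files.
REACTOR_MAP: List[Tuple[str, List[str]]] = [
    ("vpn/s4a/serial", ["/srv/reactor/vpn.sls"]),
    ("salt/beacon/*/inotify//etc/openvpn/keys", ["/srv/reactor/sign_crt.sls"]),
]


def reactors_for_tag(tag: str, reactor_map=REACTOR_MAP) -> List[str]:
    """Return the reactor SLS files whose tag glob matches `tag`.

    The Salt reactor compares the event tag against each glob with fnmatch,
    so a '*' also matches across '/' separators (it is not one path segment).
    """
    matched: List[str] = []
    for glob, sls_files in reactor_map:
        if fnmatch.fnmatch(tag, glob):
            matched.extend(sls_files)
    return matched


def inotify_event_source(tag: str) -> Optional[Tuple[str, str]]:
    """Split 'salt/beacon/<minion_id>/inotify/<path>' into (minion_id, path).

    The watched path keeps its leading '/', which is why the tag on this page
    shows '//' before 'etc'. Returns None for tags of any other shape,
    including a "minion id" that itself contains '/'.
    """
    prefix, marker = "salt/beacon/", "/inotify/"
    if not tag.startswith(prefix) or marker not in tag:
        return None
    minion_id, _, path = tag[len(prefix):].partition(marker)
    if not minion_id or "/" in minion_id:
        return None
    return minion_id, path


# Constructed sample event tags (not captured from a real S4A deployment).
SAMPLE_TAGS = [
    "vpn/s4a/serial",
    "salt/beacon/detector01/inotify//etc/openvpn/keys",
    "salt/beacon/detector01/inotify//etc/openvpn/server.conf",
]

if __name__ == "__main__":
    for sample in SAMPLE_TAGS:
        print(sample, "->", reactors_for_tag(sample), inotify_event_source(sample))
```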
Without the following open source products, this project would not have been possible:
- Suricata - Intrusion detection system.
- Evebox - Web based alert and event management tool for events generated by the Suricata network threat detection engine. https://evebox.org
- Netdata - A system for distributed real-time performance and health monitoring. In this project it is meant for independent health monitoring of detector installations.
- nfsen - NfSen is a graphical web based application for the nfdump netflow tool. A lightweight traffic analysis tool to substitute Moloch.
- Moloch - Moloch is an open source, large scale, full packet capturing, indexing and database system.
- OpenVPN - Open Source VPN software.
- Elasticsearch - Elasticsearch is a Lucene based distributed full-text search and analytics engine designed for horizontal scalability, maximum reliability, and easy management.
- Telegraf - Telegraf is a metrics reporting agent written in Go for collecting, processing, aggregating and sending metrics to InfluxDB.
- InfluxDB - Time Series Database for monitoring and analytics.
- Grafana - The open platform for beautiful analytics and monitoring.
- Loopback - Web interface to manage detector settings and other aspects. Communication between Salt and the web interface is done via LoopBack connected to a MongoDB database.
- SaltStack - Configuration management and orchestration for both detector and central components.