Add Suricata package (elastic#186)

* Add Suricata package Import the Suricata Filebeat module via `PACKAGES=suricata mage -v ImportBeats`. * Update dashboards * Fix config and require 7.10.0 * Add missing fields * Update readme * Add filebeat fields * Update for datastream
build-security · Aug 5, 2020 · 6568490 · 6568490
1 parent e96d380
commit 6568490
Show file tree

Hide file tree

Showing 33 changed files with 4,106 additions and 0 deletions.
diff --git a/dev/import-beats-resources/suricata/docs/README.md b/dev/import-beats-resources/suricata/docs/README.md
@@ -0,0 +1,14 @@
+# Suricata Integration
+
+This integration is for [Suricata](https://suricata-ids.org/). It reads the EVE
+JSON output file. The EVE output writes alerts, anomalies, metadata, file info
+and protocol specific records as JSON.
+
+## Compatibility
+
+This module has been developed against Suricata v4.0.4, but is expected to work
+with other versions of Suricata.
+
+## EVE
+
+{{fields "eve"}}