Hello,
Got IDS/Suricata running with all rules enabled for the last few months, with a couple of warnings about protocols, DNS etc., but nothing really suspicious. Last week I found a couple hundred log entries with UDP packets over NAT to a country I normally do not send packets to, with additional incoming TCP traffic from the same country but a different IP.
Question 1: How do I export the logs with payload in a usable format?
Question 2: Is there a tool which is able to analyze/fingerprint the stream of packets?
Have a nice day and thank you for reading!
I got the log files - but more importantly the JSON files - with scp, and used a tool called BRIM to analyze them.
https://www.brimdata.io/
Have a great weekend!
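For the first question in the thread (getting the alert payloads out of Suricata's JSON files in a usable form), here is an added example that is not code from the poster, from Suricata or from Brim. It assumes the eve.json output was produced with payload logging switched on in the eve-log alert section (`payload: yes`), in which case each alert record carries the matched packet payload base64-encoded in a `payload` field. The sample NDJSON lines are constructed inline (documentation IP ranges, invented signature IDs) so the script runs offline; point it at a real file with `python extract_eve.py /path/to/eve.json`.

```python
"""Extract Suricata EVE alert payloads from eve.json (NDJSON) into a usable form.

Added example, not from the original thread. Assumes Suricata's eve-log alert
output was configured with payload logging (payload: yes), which stores the
matched packet payload base64-encoded in the "payload" field of each alert.
"""
import base64
import csv
import io
import json
import sys
from collections import Counter


def _eve_line(**fields):
    """Build one constructed NDJSON line in the shape of a Suricata EVE record."""
    raw = fields.pop("raw_payload", None)
    if raw is not None:
        fields["payload"] = base64.b64encode(raw).decode("ascii")
        # Suricata's payload_printable replaces non-printable bytes with '.'
        fields["payload_printable"] = "".join(chr(b) if 32 <= b < 127 else "." for b in raw)
    return json.dumps(fields)


# Constructed sample input (documentation IPs, invented signature IDs); not real traffic.
SAMPLE_EVE = "\n".join([
    _eve_line(timestamp="2023-05-01T10:00:00.000000+0000", event_type="alert",
              src_ip="192.0.2.10", src_port=51000, dest_ip="203.0.113.5", dest_port=443,
              proto="UDP", alert={"signature_id": 1000001, "signature": "TEST outbound UDP"},
              raw_payload=b"hello world"),
    _eve_line(timestamp="2023-05-01T10:00:01.000000+0000", event_type="alert",
              src_ip="203.0.113.77", src_port=4444, dest_ip="192.0.2.10", dest_port=22,
              proto="TCP", alert={"signature_id": 1000002, "signature": "TEST inbound TCP"},
              raw_payload=b"SSH-2.0-OpenSSH\r\n"),
    _eve_line(timestamp="2023-05-01T10:00:02.000000+0000", event_type="dns",
              src_ip="192.0.2.10", dest_ip="192.0.2.1", proto="UDP",
              dns={"type": "query", "rrname": "example.com"}),
    _eve_line(timestamp="2023-05-01T10:00:03.000000+0000", event_type="alert",
              src_ip="192.0.2.10", src_port=51001, dest_ip="203.0.113.5", dest_port=443,
              proto="UDP", alert={"signature_id": 1000001, "signature": "TEST outbound UDP"},
              raw_payload=bytes(range(8))),
])


def parse_eve(text):
    """Parse NDJSON text, keep only alert records, and decode their base64 payload."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            # A truncated last line is common when copying a live eve.json; skip it.
            print(f"skipping unparsable line {lineno}", file=sys.stderr)
            continue
        if rec.get("event_type") != "alert":
            continue  # dns, flow, stats etc. carry no matched payload
        payload_b64 = rec.get("payload")
        rec["payload_bytes"] = base64.b64decode(payload_b64) if payload_b64 else b""
        alerts.append(rec)
    return alerts


def summarize_by_peer(alerts):
    """Count alerts per (proto, src, dst, dst_port) so hundreds of entries collapse to a few flows."""
    return Counter((a.get("proto"), a.get("src_ip"), a.get("dest_ip"), a.get("dest_port"))
                   for a in alerts)


def hexdump(data, width=16):
    """Classic offset / hex / ASCII view of a payload for eyeballing protocol banners."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(lines)


def alerts_to_csv(alerts):
    """Render alerts as CSV (timestamp, 5-tuple, signature, hex payload) for a spreadsheet or other tool."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["timestamp", "proto", "src_ip", "src_port", "dest_ip", "dest_port",
                "sid", "signature", "payload_hex"])
    for a in alerts:
        al = a.get("alert", {})
        w.writerow([a.get("timestamp"), a.get("proto"), a.get("src_ip"), a.get("src_port"),
                    a.get("dest_ip"), a.get("dest_port"), al.get("signature_id"),
                    al.get("signature"), a["payload_bytes"].hex()])
    return buf.getvalue()


def main(argv):
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_EVE
    alerts = parse_eve(text)
    for key, n in summarize_by_peer(alerts).most_common():
        print(n, *key)
    for a in alerts:
        print(f"\n{a['timestamp']} {a['alert'].get('signature')}")
        print(hexdump(a["payload_bytes"]))
    print("\n" + alerts_to_csv(alerts))


if __name__ == "__main__":
    main(sys.argv)
```

The per-peer summary is the first thing worth looking at: a few hundred log lines usually reduce to one or two (proto, source, destination, port) tuples, which is the unit you then investigate in Brim or by hex-dumping the decoded payloads. If `payload` is absent from the records, payload logging was off at capture time and only `payload_printable` or a separate pcap can help.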