configuration
Manage Suricata configuration and download categories.
read
The read API takes an action field.
Valid actions are:
- categories
- configuration
Input
categories
Return the list of downloaded categories.
Input example:
{
  "action": "categories"
}
configuration
Return Suricata configuration.
Input example:
{
  "action": "configuration"
}
Output
categories
Output example:
{
  "categories": [
    {
      "name": "ET-botcc",
      "Description": "Botcc"
    },
    {
      "name": "ET-emerging-policy",
      "Description": "Policy"
    },
    ...
  ]
}
configuration
Output example:
{
  "BlockCategories": [
    {
      "name": "ET-emerging-dos",
      "Description": "Dos"
    }
  ],
  "status": "enabled",
  "AlertCategories": [
    {
      "name": "ET-emerging-activex",
      "Description": "Activex"
    },
    {
      "name": "ET-emerging-chat",
      "Description": "Chat"
    }
  ]
}
validate
Validate the Suricata configuration.
Constraints:
- status: can be enabled or disabled
- BlockCategories, AlertCategories: arrays of category ids; each category must already be downloaded
Input
configuration
Input example:
{
  "BlockCategories": ["cat1", "cat2", ...],
  "status": "enabled",
  "AlertCategories": []
}
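The validate constraints above, applied client-side to a payload before it is submitted. This is an added example, not the project's own code: the function name and error format are hypothetical, the sample categories response is constructed, and it assumes a category id is the "name" value returned by the categories read action.

```python
import json

VALID_STATUS = {"enabled", "disabled"}

# Constructed sample of a read response for action "categories".
SAMPLE_CATEGORIES = json.loads("""
{"categories": [
  {"name": "ET-botcc", "Description": "Botcc"},
  {"name": "ET-emerging-policy", "Description": "Policy"},
  {"name": "ET-emerging-dos", "Description": "Dos"}
]}
""")


def check_configuration(config, categories_response):
    """Return a list of (field, message) errors; an empty list means valid.

    Assumption: category ids are the "name" values of downloaded categories.
    """
    errors = []
    downloaded = {c["name"] for c in categories_response.get("categories", [])}

    # status: only the two documented values are accepted.
    status = config.get("status")
    if not isinstance(status, str) or status not in VALID_STATUS:
        errors.append(("status", "must be 'enabled' or 'disabled'"))

    # BlockCategories / AlertCategories: arrays of already-downloaded ids.
    for field in ("BlockCategories", "AlertCategories"):
        value = config.get(field)
        if not isinstance(value, list):
            errors.append((field, "must be an array of category ids"))
            continue
        for cat in value:
            if not isinstance(cat, str) or cat not in downloaded:
                errors.append((field, f"category not downloaded: {cat!r}"))
    return errors


if __name__ == "__main__":
    candidate = {"status": "enabled",
                 "BlockCategories": ["ET-emerging-dos", "cat1"],
                 "AlertCategories": []}
    for field, message in check_configuration(candidate, SAMPLE_CATEGORIES):
        print(f"{field}: {message}")
```

An empty AlertCategories array passes, as in the input example; a category that has not been downloaded is reported per field, so a rule set that would silently fail to alert or block is caught before the configuration is applied.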
update
This API requires an action field.
Valid actions are:
- configuration: set the given configuration
- download: download Suricata categories