Webinar - Installing and Configuring Suricata with Cuckoo Sandbox (04/02/2020)

  • Published: 3 Aug 2024
  • The Cuckoo Sandbox has become one of the most popular open-source frameworks for the automation of malware analysis. One of the many benefits of Cuckoo is the ability to expand its capabilities through additional services and tools, such as Suricata. In this webinar, we will walk you through how to get Suricata up and running in a Cuckoo sandbox to get better network traffic analysis. This webinar will begin from a base installation of Cuckoo and show you how to install Suricata, how to configure Cuckoo to use Suricata as a post-processing module, and how to update your initial rule set. We will also explore more advanced Suricata setup options to help with performance, such as interacting through a Unix socket. By the end of this workshop you will be able to leverage Suricata’s IDS alerts to help with your malware analysis workflow.
    Original recording date: 04/02/2020
  • Science

Comments • 2

  • @CyberTunis 1 year ago

    Hello, I configured Suricata on Cuckoo Sandbox, which is on an Ubuntu 18.04 VM. The problem is that when I add the socket in processing.conf and in suricata.yaml and then run the command
    "sudo suricata -c /etc/suricata/suricata.yaml -k none --runmode=autofp --user=cuckoo --unix-socket -vvv"
    I get "unix socket bind(/var/run/suricata/cuckoo.socket) error: permission denied"
    "unable to create unix command socket"
    I tried to add the full path in suricata.yaml but still nothing works.

    • @manofhonestdestiny5403 4 months ago

      Hi, have you got a solution for how to open accessibility to this directory to create a socket?