Suricata docker image adapted for BICEP
The image bundles every dependency Suricata needs, together with the interface implementation required to work with the BICEP application.
The main BICEP project is available here
The official Suricata repository can be found here
If you want to use the resulting image with the BICEP framework, keep in mind that in its current version the Suricata container needs a configuration that writes alerts to /opt/logs/alerts_and_anomalies.json. If you do not log to this location, the analysis will not work properly. Support for a whole user-selected directory is planned.
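As an added example (not part of this repository or of the official Suricata configuration), here is a minimal eve-log output section for suricata.yaml that writes alert and anomaly events to the path BICEP expects. The keys used (enabled, filetype, filename, types) are standard Suricata eve-log options; the assumption is that /opt/logs exists and is writable inside the container, for instance as a mounted volume.

```yaml
# Added example: eve-log output section for suricata.yaml.
# BICEP reads exactly /opt/logs/alerts_and_anomalies.json, so the
# filename must match; an absolute path bypasses default-log-dir.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: /opt/logs/alerts_and_anomalies.json
      types:
        - alert
        - anomaly
```

Suricata only creates and appends to this file when an alert or anomaly event is emitted, so an empty /opt/logs right after start-up is not by itself a sign of misconfiguration; validate the configuration with `suricata -T -c <path to suricata.yaml>` and then check the file once traffic that triggers a rule has been seen.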
In order to be able to start the project you will need to initialize it first. Do this by running:
git submodule update --init --recursive
This fetches the newest version of the submodule for the backend code and is necessary for the application to work seamlessly.
To build a local version of the image for testing purposes, run:
cd ./bicep-suricata
docker buildx build . --build-arg BASE_IMAGE=maxldwg/suricata --build-arg VERSION=8.0.0 -t maxldwg/bicep-suricata:latest --no-cache
Change VERSION to the desired Suricata version.