"Traffic & Attack Map for Suricata" is forked from Matthew May's Attack Map on GitHub.
"Traffic & Attack Map for Suricata" is modified to work with Suricata's eve.json file. It shows inbound traffic only, which includes both normal and attack traffic. It is designed for Python 3 and Ubuntu Server 16.04 LTS, and it is designed to be installed on the same box as Suricata.
The map shows "DROP" or "ALERT" when the traffic is dropped or alerted on by Suricata. All other traffic is shown by its nature (the eve.json Event Type), such as DNS, TLS, FILEINFO and so on.
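The labelling rule above (DROP or ALERT for traffic Suricata acted on, otherwise the event type, and inbound traffic only), as an added example that is not part of the project's own code. The field names follow Suricata's eve.json format (event_type, src_ip, dest_ip, alert.action, alert.signature); the sample lines, the home network 192.0.2.0/24 used to decide what counts as inbound, and the treatment of an alert with action "blocked" as DROP are assumptions made for this illustration.

```python
import ipaddress
import json

# Constructed sample eve.json lines for this example (not real captures).
# Suricata writes one JSON object per line; the last line simulates a
# partially written or corrupt record, which a tailing reader must tolerate.
SAMPLE_EVE = """\
{"timestamp":"2017-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","proto":"TCP","alert":{"action":"allowed","signature":"ET SCAN Example"}}
{"timestamp":"2017-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.8","dest_ip":"192.0.2.10","proto":"TCP","alert":{"action":"blocked","signature":"ET EXPLOIT Example"}}
{"timestamp":"2017-01-01T10:00:02.000000+0000","event_type":"drop","src_ip":"203.0.113.9","dest_ip":"192.0.2.10","proto":"TCP"}
{"timestamp":"2017-01-01T10:00:03.000000+0000","event_type":"dns","src_ip":"198.51.100.5","dest_ip":"192.0.2.10","proto":"UDP"}
{"timestamp":"2017-01-01T10:00:04.000000+0000","event_type":"tls","src_ip":"192.0.2.10","dest_ip":"198.51.100.20","proto":"TCP"}
not json at all
"""

# Assumed home network: traffic whose destination lies inside it is "inbound".
HOME_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_inbound(event, home_nets=HOME_NETS):
    """True when the destination address belongs to one of the home networks."""
    try:
        dst = ipaddress.ip_address(event.get("dest_ip", ""))
    except ValueError:  # missing or malformed address
        return False
    return any(dst in net for net in home_nets)


def label_event(event):
    """Map an eve.json record to the label the map would display."""
    etype = event.get("event_type", "unknown")
    if etype == "drop":
        return "DROP"
    if etype == "alert":
        # A rule with the drop action is logged as an alert with action "blocked"
        # (assumed here to be shown as DROP); "allowed" alerts are plain ALERTs.
        if event.get("alert", {}).get("action") == "blocked":
            return "DROP"
        return "ALERT"
    # Everything else is shown by its event type: DNS, TLS, FILEINFO, ...
    return etype.upper()


def classify_eve(lines, home_nets=HOME_NETS):
    """Parse eve.json lines and return the inbound events with their map labels."""
    results = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines instead of crashing
        if not is_inbound(event, home_nets):
            continue  # the map shows inbound traffic only
        results.append({
            "src_ip": event.get("src_ip"),
            "dest_ip": event.get("dest_ip"),
            "proto": event.get("proto"),
            "label": label_event(event),
            "signature": event.get("alert", {}).get("signature"),
        })
    return results


if __name__ == "__main__":
    for ev in classify_eve(SAMPLE_EVE.splitlines()):
        print("{label:8} {src_ip} -> {dest_ip} {proto} {signature}".format(**ev))
```

Feeding the real file is a matter of replacing SAMPLE_EVE with the lines read from /var/log/suricata/eve.json; the outbound TLS record and the corrupt line in the sample are dropped, which is the behaviour a live reader needs when it tails a file Suricata is still writing.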
"Traffic & Attack Map for Suricata" is released under GPLv3 by Samiux.
(1) A working, dedicated Suricata server running as an IDPS on Ubuntu Server
(2) Python 3.x
(3) A web server with websocket support
(4) A Redis server
Then configure your web server so that its document root points to "/var/www/geoip-attack-map/AttackMap". Make sure the "websocket" module or feature is enabled on your web server. The websocket listens on port 8888 by default, so that port must be reachable by the browsers that will view the map.
*** Setting up the web server to work with this project is out of the scope of this guide.
Step 5 :
Redis requires this kernel setting to avoid a performance problem, so you need to edit the kernel boot parameters in GRUB and reboot for the change to take effect.