
%YAML 1.1
---
# Suricata configuration (inline IPS on wlan0).
# Boolean options are written as yes/no, the form Suricata's own shipped
# suricata.yaml uses; Suricata interprets them itself.

# Address and port variables referenced by the rule set.
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16]"
    EXTERNAL_NET: "any"
  port-groups:
    HTTP_PORTS: "80"

# AF_PACKET capture on the wireless interface.
# NOTE(review): no copy-mode/copy-iface is set on this interface entry, which
# is how af-packet inline (IPS) mode is normally configured — confirm packets
# are actually being dropped and not only alerted on.
af-packet:
  - interface: wlan0
    threads: auto
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    bypass: no

# Alternative libpcap capture on the same interface (used when Suricata is
# started with pcap capture instead of af-packet).
pcap:
  - interface: wlan0
    buffer-size: 512mb

# NOTE(review): could not confirm that Suricata's loader consumes a top-level
# "ips" section; verify these two keys have any effect.
ips:
  mode: "inline"
  default-rule-action: "drop"

# Alert and event outputs.
outputs:
  # One-line alert log.
  - fast:
      enabled: yes
      filename: "/var/log/suricata/fast.log"

  # JSON event log; only HTTP events are enabled here.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: "/var/log/suricata/eve.json"
      types:
        - http:
            extended: yes  # Log full request details
            body: yes  # Log request body
            # NOTE(review): confirm "body" is an option the eve http logger
            # accepts; unknown keys are ignored rather than rejected.

  # Full packet capture to disk.
  # NOTE(review): no size cap (limit / max-files ring buffer) is set, so this
  # capture grows without bound on /var/log/suricata — confirm the disk budget.
  - pcap-log:
      enabled: yes
      dir: "/var/log/suricata/pcap"
      filename: "full-packet-log.pcap"

  # Periodic engine statistics, appended per thread.
  - stats:
      enabled: yes
      filename: "/var/log/suricata/stats.log"
      append: yes
      totals: yes
      threads: yes

# HTTP parser (libhtp) inspection limits.
# The body limits cap how much of each request/response body is inspected;
# content beyond 4096 bytes is not seen by body-matching rules.
app-layer:
  protocols:
    http:
      enabled: yes
      libhtp:
        default-config:
          personality: IDS
          request-body-limit: 4096
          response-body-limit: 4096
          request-body-minimal-inspect-size: 512
          response-body-minimal-inspect-size: 512
          request-body-inspect-window: 4096
          response-body-inspect-window: 4096

# Engine log (not alerts): console plus a file.
logging:
  outputs:
    - console:
        enabled: yes
    - file:
        enabled: yes
        filename: "/var/log/suricata/suricata.log"

# How often (seconds) the stats output above is written.
stats:
  enabled: yes
  interval: 30

# Runtime control socket (suricatasc). Access is governed by the socket
# file's permissions, so keep its directory restricted to the Suricata user.
unix-command:
  enabled: yes
  filename: suricata-command.socket

# Rule set location.
default-rule-path: /etc/suricata/rules
rule-files:
  - suricata.rules