User Guide for Threats Management Tab #
Welcome to the User Guide for the Suri Oculus Threats Management Tab in the web client, a tool designed for real-time handling, querying, and management of security threats. The tab uses Suricata for event detection and Redis for data storage; this guide describes how to interact with the system through its features.
System Overview #
The Threats Management Tab provides a robust backend solution for monitoring, analyzing, and managing network security threats. It interfaces through RESTful APIs and is crafted to allow seamless interactions with threat data, making it ideal for integration into security operations centers and web applications.
Key Features #
Threat Retrieval by Days:
Retrieve threats seen within a specified number of days.
Usage: Send a GET request to /threats/{n_days}; results are returned in pages.
Asynchronous Threat Data Download and Unzip:
Initiate asynchronous download and extraction of threat data.
Usage: Issue a POST request to /download to start the background operation.
Threat Search by IOC Type:
Search threats based on the Indicator of Compromise (IOC) type, such as IP, URL, or domain.
Usage: Access /threats/type/{ioc_type} to fetch threats matching the specified IOC type.
Toggle Threat Status:
Enable or disable a threat directly through its unique identifier.
Usage: Use the PUT method on /threats/status/{threat_id} to change the threat's active status.
Advanced Search Capabilities:
Perform advanced searches using multiple parameters such as threat type, confidence level, and first-seen date.
Usage: Call /threats/search with the necessary query parameters to filter the results.
Time-Shifted Threat Retrieval:
Retrieve threats within a specific time frame relative to the current time.
Usage: The endpoint /threats/timeshift/{n_days} accepts parameters to customize the temporal scope of the query.
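As an added example (not code from Suri Oculus), the following browser/Node client builds and validates the endpoint URLs described above and wraps the JSON/error-handling convention the guide states. The base URL, the pagination parameter names (page, page_size), the lowercase IOC type values and the error field names in the response body are assumptions.

```javascript
// Added example client for the Threats Management Tab REST API.
// Assumptions: base URL, query parameter names and error body fields.
const ALLOWED_IOC_TYPES = new Set(["ip", "url", "domain"]);

// Validate a day count before it is placed in a path segment so that a
// non-numeric or negative value never reaches the backend.
function checkDays(nDays) {
  if (!Number.isInteger(nDays) || nDays < 1) {
    throw new RangeError(`n_days must be a positive integer, got ${nDays}`);
  }
  return nDays;
}

// Pure URL builders: easy to unit test and to audit.
function threatsByDaysUrl(base, nDays, page, pageSize) {
  const u = new URL(`/threats/${checkDays(nDays)}`, base);
  if (page !== undefined) u.searchParams.set("page", String(page));          // assumed name
  if (pageSize !== undefined) u.searchParams.set("page_size", String(pageSize)); // assumed name
  return u.toString();
}

function threatsByTypeUrl(base, iocType) {
  const t = String(iocType).toLowerCase(); // assumed: backend expects lowercase
  if (!ALLOWED_IOC_TYPES.has(t)) throw new RangeError(`unsupported IOC type: ${iocType}`);
  return new URL(`/threats/type/${t}`, base).toString();
}

// Only defined filters become query parameters; URLSearchParams encodes them.
function advancedSearchUrl(base, filters) {
  const u = new URL("/threats/search", base);
  for (const [k, v] of Object.entries(filters)) {
    if (v !== undefined && v !== null) u.searchParams.set(k, String(v));
  }
  return u.toString();
}

// Every response is JSON; non-2xx responses carry an error message per the guide.
async function apiRequest(url, method = "GET") {
  const res = await fetch(url, { method, headers: { Accept: "application/json" } });
  const body = await res.json().catch(() => ({}));
  if (!res.ok) {
    const msg = body.error ?? body.message ?? "unknown error"; // assumed field names
    throw new Error(`${method} ${url} -> HTTP ${res.status}: ${msg}`);
  }
  return body;
}

// Toggle a threat's active status; the id is encoded so it stays one path segment.
const toggleThreat = (base, threatId) =>
  apiRequest(new URL(`/threats/status/${encodeURIComponent(threatId)}`, base).toString(), "PUT");
```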
CORS Support #
All HTTP responses include CORS (Cross-Origin Resource Sharing) headers, enabling integration into diverse client environments across different domains.
Error Handling #
The system is equipped to handle errors gracefully, providing meaningful error messages in the HTTP response to aid debugging and integration efforts.
Configuration and Setup #
System configuration is managed through a configuration file (config++.conf), which includes settings such as paths to threat data files and Redis connection parameters.
Retrieving Log Content #
The system can serve the contents of Suricata’s fast.log file, providing real-time access to raw log data.
Usage: Access this feature through the endpoint /fastlog, which returns the content of the fast.log file.
Integration Tips #
Ensure that your client application is configured to handle JSON responses effectively, as all data exchanged with the backend is in JSON format.
Utilize the provided CORS headers if the API is consumed from web applications hosted on different domains.
This user guide aims to equip you with the knowledge to utilize the Suri Oculus Threats Management Tab efficiently. Whether for application integration or enhancing your security posture, the system provides a powerful toolkit for managing and analyzing security threats.
Content Filtering:
Universal Blocking: Checkbox for blocking all content categories.
Blocking Fakenews: Checkbox for blocking fake news.
Blocking Porno: Checkbox for blocking pornographic content.
Blocking Gambling: Checkbox for blocking gambling content.
Blocking Social: Checkbox for blocking social networks.
Save and Reload Suricata: Button to save filtering settings and reload Suricata.
Filtering by IoC (Indicator of Compromise) Types:
IoC URL Type Rules: Checkbox to enable or disable URL-based rules.
IoC IP Type Rules: Checkbox to enable or disable IP address-based rules.
IoC Domain Type Rules: Checkbox to enable or disable domain name-based rules.
Save Changes and Reload Suricata: Button to save IoC settings and reload Suricata.
IoC Search and Management:
Enter ID: Field to enter the IoC identifier.
Search by ID: Button to search for IoC by identifier.
Please Choose IoC Type: Dropdown list to select the IoC type, such as URL, IP, domain, and others.
Search by Type: Button to search for IoC by the selected type.
Please Choose Status: Dropdown list to select the IoC status (enabled or disabled).
Search by Status: Button to search for IoC by status.
Enter Time Period in Days: Field to enter the time period in days for IoC filtering.
Get All Threats: Button to display all IoCs.
Select IoCs: Button to select IoCs for the specified period.
Update IoC File: Button to update the IoC file.
Generate Rules: Button to generate rules based on IoCs.
Toggle IoC Status: Button to toggle the status of IoCs (enabled/disabled).
Additional Elements:
IoC Display Area (IOCContent): Displays IoCs and search results.
IoC Pagination (iocpagination): “Previous” and “Next” buttons for navigating through IoC pages. Displays the current page (currentThreatPage).
Page Size Selection (IOCpageSizeSelect): Allows selecting the number of IoCs displayed per page (10, 20, 30).
IoC Details (IOCDetails): Displays detailed information about the selected IoC.