Category: Architecture and Components


February 7, 2026

Can AI modules be disabled?

Yes, completely. Possible operating modes: Suricata + visualization (no AI); Suricata + AI-based analysis; analytics without active AI detection. AI modules: do not affect the operation of the core system; are not mandatory; are not involved in traffic blocking. This is a deliberate design choice: […]

February 7, 2026

Where are logs and models stored?

Suricata logs: are not used directly as eve.json; data is written to and processed via Redis; export to files is possible if required. AI models: are stored locally on the server; loaded by Python modules at startup; do not require external access or cloud services. […]

February 7, 2026

How do the C++ backend and the web interface interact?

The interaction model is as follows: C++ backend: manages Suricata; receives events; writes data to Redis; exposes REST endpoints. Web interface: works directly with the REST API; reads aggregated data from the backend; does not interact with C++ directly. C++ is used where the following […]

February 7, 2026

Why is Redis used and what is stored in it?

Redis is used not as a cache, but as a working data store. Stored in Redis: Suricata events (Flow, DNS, HTTP, TLS, etc.); aggregated statistics; temporary states and counters; data for AI analysis; anomaly results and labels. Reasons for choosing Redis: high performance; minimal disk […]

February 7, 2026

What components does the system consist of?

Suri Oculus consists of a set of specialized components, each responsible for a specific task: Suricata — network IDS/IPS engine, the source of events and telemetry; daemonmove — a custom log parsing service: receives Suricata events; normalizes and filters data; controls the event flow; writes […]