February 7, 2026 By Sergey

What components does the system consist of?

Suri Oculus consists of a set of specialized components, each responsible for a specific task:

  • Suricata — network IDS/IPS engine, the source of events and telemetry;

  • daemonmove — a custom log parsing service:

    • receives Suricata events;

    • normalizes and filters data;

    • controls the event flow;

    • writes processed data to Redis;

  • Backend (C++) — management of Suricata and the system as a whole:

    • configuration;

    • operating modes;

    • REST API;

  • Redis — the central working data store:

    • events;

    • aggregates;

    • temporary states;

    • data for analytics and AI;

  • AI backend (Python / FastAPI) — behavioral and anomaly analysis;

  • Web interface (HTML + plain JavaScript) — visualization and analytics;

  • oculus tools — a set of auxiliary CLI tools:

    • diagnostics;

    • testing;

    • data maintenance and housekeeping;

    • automation of routine operations.

The architecture is designed to:

  • be independent of the eve.json format;
  • minimize disk I/O;
  • operate reliably under load;
  • scale components independently rather than as a monolith.
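To make the daemonmove stage and the "independent of the eve.json format" goal concrete, here is an added Python sketch of that pipeline (example code written for this page, not Suri Oculus's own): it parses Suricata eve.json lines, filters to the event types of interest, flattens each into a format-independent record, and writes events plus per-type aggregates to a Redis-like store. The sample lines, the key names `oculus:events` / `oculus:agg:*` and the `InMemoryStore` stand-in for `redis.Redis` are all assumptions.

```python
import json
from collections import defaultdict

# Constructed sample of Suricata eve.json lines: an alert, a flow, a stats record and a broken line.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2026-02-07T10:00:00+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":9000001,"signature":"Sample test rule (constructed)","severity":2}}',
    '{"timestamp":"2026-02-07T10:00:01+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","flow":{"bytes_toserver":1200,"bytes_toclient":8400}}',
    '{"timestamp":"2026-02-07T10:00:02+0000","event_type":"stats","stats":{"uptime":120}}',
    'not json at all',
]
KEEP_EVENT_TYPES = {"alert", "flow"}  # everything else (stats, dns, ...) is filtered out

def normalize(raw_line):
    """Parse one eve.json line into a flat record; None if malformed or filtered out."""
    try:
        ev = json.loads(raw_line)
    except json.JSONDecodeError:
        return None
    etype = ev.get("event_type")
    if etype not in KEEP_EVENT_TYPES:
        return None
    rec = {"ts": ev.get("timestamp"), "type": etype, "src": ev.get("src_ip"),
           "dst": ev.get("dest_ip"), "proto": ev.get("proto")}
    if etype == "alert":  # keep only the alert fields the UI and analytics need
        a = ev.get("alert", {})
        rec.update(sid=a.get("signature_id"), sig=a.get("signature"), severity=a.get("severity"))
    else:  # flow: collapse the two byte counters into one volume figure
        f = ev.get("flow", {})
        rec["bytes"] = f.get("bytes_toserver", 0) + f.get("bytes_toclient", 0)
    return rec

class InMemoryStore:
    """Offline stand-in for redis.Redis (assumed); xadd and hincrby carry the same names in redis-py."""
    def __init__(self):
        self.streams, self.hashes = defaultdict(list), defaultdict(lambda: defaultdict(int))
    def xadd(self, name, fields):
        self.streams[name].append(fields)
    def hincrby(self, name, key, amount=1):
        self.hashes[name][key] += amount

def ingest(lines, store):
    """Normalize and filter each line, append survivors to an event stream and keep
    per-type and per-signature counters as aggregates for the analytics side."""
    recs = [normalize(line) for line in lines]
    kept = [r for r in recs if r is not None]
    for rec in kept:
        store.xadd("oculus:events", {k: str(v) for k, v in rec.items() if v is not None})
        store.hincrby("oculus:agg:event_type", rec["type"])
        if rec["type"] == "alert":
            store.hincrby("oculus:agg:alert_sid", str(rec["sid"]))
    return {"written": len(kept), "dropped": len(recs) - len(kept)}
```

Because only `normalize` knows the eve.json layout, a change in Suricata's output format touches one function while the stream and aggregate keys the rest of the system reads stay the same.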