Suricata SOC Investigation app icon

Suricata SOC Investigation

Splunk app for investigating Suricata alerts with dashboards, anomaly detection, MITRE mapping, and SOC-focused analysis workflows.

Built by
splunk product badge
screenshot
screenshot
screenshot
screenshot
Latest Version 1.1.1
April 25, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.3, 10.2, 10.1, 10.0, 9.4, 9.3, 9.2, 9.1, 9.0
Rating

0

(0)

Log in to rate this app
Support
Suricata SOC Investigation support icon
Developer Supported app
Suricata SOC Investigation is a Splunk app for investigating Suricata IDS and IPS alerts through analyst-focused dashboards, correlation views, anomaly detection, and ATT&CK-aligned context. It helps SOC teams move beyond basic alert counts by providing workflows for triage, attack-story reconstruction, target risk scoring, MITRE mapping, and alert-driven investigation. The app is designed for security analysts who ingest Suricata data into Splunk and need a practical investigation experience built around detection review, prioritization, and response-oriented analysis.

Categories

Investigative, SIEM

Created By

Kaled Aljebur

Source Code

suricata-soc-investigation(Opens new window)

Type

app

Downloads

76

Licensing

Apache License Version 2.0(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing