Release/v10.9.0 (#1294)

* feat(integrations): add suricata integration

* feat: add support for SURICATA module in syslog integration

* feat: add Suricata module integration and database procedures

* feat(suricata): enhance logstash filter for Suricata event types and actions

* Update suricata.conf

* feat(suricata): update Suricata module configuration and log parsing logic

* Update changelog and version

---------

Co-authored-by: Manuel Abascal <[email protected]>

Author: Kbayero

CHANGELOG.md

@@ -1,4 +1,3 @@
-# UTMStack 10.8.6 Release Notes
+# UTMStack 10.9.0 Release Notes
 
-- Expanded the exclusion dictionary for malicious IP connection logs to reduce false positives.
-- Added support for older Linux versions (RedHat 7, RedHat 8, Ubuntu 20.04).
+- Added New Suricata Integration.

agent/config/const.go

@@ -85,6 +85,7 @@ var (
 	DataTypeAix                 DataType = "ibm_aix"
 	DataTypePfsense             DataType = "firewall_pfsense"
 	DataTypeFortiweb            DataType = "firewall_fortiweb"
+	DataTypeSuricata            DataType = "suricata"
 
 	ProtoPorts = map[DataType]ProtoPort{
 		DataTypeSyslog:         {UDP: "7014", TCP: "7014"},
@@ -102,6 +103,7 @@ var (
 		DataTypeAix:            {UDP: "7016", TCP: "7016"},
 		DataTypePfsense:        {UDP: "7017", TCP: "7017"},
 		DataTypeFortiweb:       {UDP: "7018", TCP: "7018"},
+		DataTypeSuricata:       {UDP: "7019", TCP: "7019"},
 		DataTypeNetflow:        {UDP: "2055", TCP: ""},
 	}
 
@@ -116,7 +118,7 @@ func ValidateModuleType(typ string) string {
 	switch DataType(typ) {
 	case DataTypeSyslog, DataTypeVmware, DataTypeEset, DataTypeKaspersky, DataTypeFortinet, DataTypePaloalto,
 		DataTypeMikrotik, DataTypeSophosXG, DataTypeSonicwall, DataTypeSentinelOne, DataTypeCiscoGeneric,
-		DataTypeDeceptivebytes, DataTypeAix, DataTypePfsense, DataTypeFortiweb:
+		DataTypeDeceptivebytes, DataTypeAix, DataTypePfsense, DataTypeFortiweb, DataTypeSuricata:
 		return "syslog"
 	case DataTypeNetflow:
 		return "netflow"

backend/src/main/java/com/park/utmstack/domain/application_modules/enums/ModuleName.java

@@ -62,5 +62,6 @@ public enum ModuleName {
     SALESFORCE,
     BITDEFENDER,
     SOC_AI,
-    PFSENSE
+    PFSENSE,
+    SURICATA,
 }

backend/src/main/java/com/park/utmstack/domain/application_modules/factory/ModuleFactory.java

@@ -67,6 +67,7 @@ public class ModuleFactory {
     private final ModulePfsense modulePfsense;
     private final ModuleFortiWeb moduleFortiWeb;
     private final ModuleAix moduleAix;
+    private final ModuleSuricata moduleSuricata;
 
 
     public ModuleFactory(ModuleFileIntegrity moduleFileIntegrity,
@@ -129,7 +130,8 @@ public ModuleFactory(ModuleFileIntegrity moduleFileIntegrity,
                          ModuleSocAi moduleSocAi,
                          ModulePfsense modulePfsense,
                          ModuleFortiWeb moduleFortiWeb,
-                         ModuleAix moduleAix) {
+                         ModuleAix moduleAix,
+                         ModuleSuricata moduleSuricata) {
         this.moduleFileIntegrity = moduleFileIntegrity;
         this.moduleO365 = moduleO365;
         this.moduleAzure = moduleAzure;
@@ -191,6 +193,7 @@ public ModuleFactory(ModuleFileIntegrity moduleFileIntegrity,
         this.modulePfsense = modulePfsense;
         this.moduleFortiWeb = moduleFortiWeb;
         this.moduleAix = moduleAix;
+        this.moduleSuricata = moduleSuricata;
     }
 
     public IModule getInstance(ModuleName nameShort) {
@@ -316,6 +319,8 @@ public IModule getInstance(ModuleName nameShort) {
             return moduleFortiWeb;
         if (nameShort.equals(ModuleName.AIX))
             return moduleAix;
+        if (nameShort.equals(ModuleName.SURICATA))
+            return moduleSuricata;
         throw new RuntimeException("Unrecognized module " + nameShort.name());
     }
 }

backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSuricata.java

@@ -0,0 +1,43 @@
+package com.park.utmstack.domain.application_modules.factory.impl;
+
+import com.park.utmstack.domain.application_modules.UtmModule;
+import com.park.utmstack.domain.application_modules.enums.ModuleName;
+import com.park.utmstack.domain.application_modules.factory.IModule;
+import com.park.utmstack.domain.application_modules.types.ModuleConfigurationKey;
+import com.park.utmstack.domain.application_modules.types.ModuleRequirement;
+import com.park.utmstack.service.application_modules.UtmModuleService;
+import org.springframework.stereotype.Component;
+
+import java.util.Collections;
+import java.util.List;
+
+@Component
+public class ModuleSuricata implements IModule {
+    private static final String CLASSNAME = "ModuleSuricata";
+
+    private final UtmModuleService moduleService;
+
+    public ModuleSuricata(UtmModuleService moduleService) {
+        this.moduleService = moduleService;
+    }
+
+    @Override
+    public UtmModule getDetails(Long serverId) throws Exception {
+        final String ctx = CLASSNAME + ".getDetails";
+        try {
+            return moduleService.findByServerIdAndModuleName(serverId, ModuleName.SURICATA);
+        } catch (Exception e) {
+            throw new Exception(ctx + ": " + e.getMessage());
+        }
+    }
+
+    @Override
+    public List<ModuleRequirement> checkRequirements(Long serverId) throws Exception {
+        return Collections.emptyList();
+    }
+
+    @Override
+    public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Exception {
+        return Collections.emptyList();
+    }
+}