Hello -

I'm curious if there is a way to trigger and clear Security Events for
nodes in PacketFence?

I don't see anything related to Security Events here --
https://packetfence.org/doc/api/.  But I do see GitHub issues related to
API and Security Events
(https://github.com/inverse-inc/packetfence/issues/5010).

My use case: I want to use Security Onion (which utilizes Suricata and ET
Pro Ruleset) to identify nefarious traffic and trigger appropriate security
events in PF and isolate nodes.

I understand the current method is to use a syslog parser, but the
developers at Security Onion suggested it may be easier/better to do it
through API calls.

I've been able to do things like -- curl -X GET
"https://10.2.2.10:9999/api/v1/config/security_event/2000000" -- which pulls
the definition of a Security Event.  I can't determine how to trigger/clear
security events on a specific node via the API.

Any suggestions?

Thanks!

Max
--
Max McGrath  <http://www.linkedin.com/in/max-mcgrath-a299124b>
Infrastructure and Security Manager
Carthage College
262-551-6666
[email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users