From c84b5c15f4fd4fe4c2181c3b7d31b351945a8a07 Mon Sep 17 00:00:00 2001
From: wellan
Date: Mon, 10 Feb 2025 15:52:33 +0000
Subject: [PATCH] Fixing Suricata configuration errors (although it did not stopped it from running), and retrieving destination IP in more use cases than before

---
 suricata_/conf/suricata.yaml | 4 ++--
 suricata_/helper.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/suricata_/conf/suricata.yaml b/suricata_/conf/suricata.yaml
index 7af2c69..a7bd8c6 100644
--- a/suricata_/conf/suricata.yaml
+++ b/suricata_/conf/suricata.yaml
@@ -1927,8 +1927,8 @@ __RULE_FILES__
 ## Auxiliary configuration files.
 ##
 
-classification-file: /etc/suricata/classification.config
-reference-config-file: /etc/suricata/reference.config
+classification-file: /usr/local/etc/suricata/classification.config
+reference-config-file: /usr/local/etc/suricata/reference.config
 # threshold-file: /etc/suricata/threshold.config
 
 ##
diff --git a/suricata_/helper.py b/suricata_/helper.py
index 6a9dcef..b54c4d8 100644
--- a/suricata_/helper.py
+++ b/suricata_/helper.py
@@ -109,7 +109,7 @@ def attach_network_connection(data: dict):
     network_data = {
         "objectid": {
-            "tag": ext_hostname + f"{f':{dest_port}' if dest_port else ''}",
+            "tag": f"{dest_ip if dest_ip else ext_hostname}" + f"{f':{dest_port}' if dest_port else ''}",
             "time_observed": timestamp,
         },
         "source_ip": src_ip,
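Review bot: The commented-out `# threshold-file: /etc/suricata/threshold.config` line in the same hunk still points at the old `/etc/suricata` prefix, so anyone uncommenting it later would reintroduce the same class of path error this commit fixes; it should be moved along with the other two, `# threshold-file: /usr/local/etc/suricata/threshold.config`. Hard-coding the install prefix in three neighbouring keys also invites drift, so a one-line comment above them stating that these paths must match the prefix Suricata was installed under (the commit message says the old paths produced configuration errors) would help the next maintainer. The surrounding stanza continues outside the hunk.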
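Review bot: Wrapping the conditional in an f-string changes the failure mode of the tag on the new line: the old `ext_hostname + ...` raised a TypeError when the hostname was missing, whereas `f"{dest_ip if dest_ip else ext_hostname}"` silently renders `None` as the text `"None"` when both `dest_ip` and `ext_hostname` are falsy, yielding a bogus object id such as `None:443` (constructed example) that downstream consumers would key on. A clearer form that also makes the empty case explicit is `host = dest_ip or ext_hostname` followed by `"tag": f"{host}:{dest_port}" if dest_port else str(host),`, with a check or log when `host` is empty, whichever the caller's contract prefers. If `dest_ip` can carry an IPv6 literal, `addr:port` is ambiguous and the `[addr]:port` form is the conventional fix, though whether IPv6 reaches this path cannot be seen from the hunk. `attach_network_connection` starts before and continues after the hunk.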