Merge branch 'master' of https://github.com/angolo40/mikrocata2selks

README.md

@@ -71,7 +71,8 @@ Add Mikrotik User
 ## Show your support
 
 - Give a ⭐️ if this project helped you!
-
+- BTC: bc1qga68pwf49sfhdd9nj96m8e2s65ypjegtx8lafj
+- BNB: 0x720b2b3e4436ec7064d54598BAd113e5293fF691
 ***
 
 _This README was generated with ❤️ by [readme-md-generator](https://github.com/kefranabg/readme-md-generator)_

TZSPreplay@.service

@@ -12,4 +12,4 @@ ProtectSystem=full
 ProtectHome=true
 
 [Install]
-WantedBy=multi-user.target' > /etc/systemd/system/TZSPreplay@.service
+WantedBy=multi-user.target

mikrocata.py

@@ -35,6 +35,9 @@ LOCAL_IP_PREFIX = "192.168."
 WHITELIST_IPS = (WAN_IP, LOCAL_IP_PREFIX, "127.0.0.1", "1.1.1.1", "8.8.8.8")
 COMMENT_TIME_FORMAT = "%-d %b %Y %H:%M:%S.%f"  # See datetime strftime formats.
 
+#Set comma separated value of suricata alerts severity which will be blocked in Mikrotik. All severity values are ("1","2","3")
+SEVERITY=("1","2") 
+
 ################# END EDIT SETTINGS
 # ------------------------------------------------------------------------------
 
@@ -127,8 +130,13 @@ def add_to_tik(alerts):
 
     address_list = api.path("/ip/firewall/address-list")
     resources = api.path("system/resource")
+
     # Remove duplicate src_ips.
     for event in {item['src_ip']: item for item in alerts}.values():
+
+        if str(event["alert"]["severity"]) not in SEVERITY:
+            break
+
         if not in_ignore_list(ignore_list, event):
             timestamp = dt.strptime(event["timestamp"],
                                     "%Y-%m-%dT%H:%M:%S.%f%z").strftime(