diff --git a/docker/fatt/Dockerfile b/docker/fatt/Dockerfile
new file mode 100644
index 00000000..ce61d55b
--- /dev/null
+++ b/docker/fatt/Dockerfile
@@ -0,0 +1,42 @@
+FROM alpine
+
+# Include dist
+#ADD dist/ /root/dist/
+
+# Get and install dependencies & packages
+RUN apk -U add \
+ git \
+ libcap \
+ py3-libxml2 \
+ py3-lxml \
+ python3 \
+ python3-dev && \
+ apk -U add tshark --repository http://dl-3.alpinelinux.org/alpine/edge/community/ && \
+
+# Setup user
+ addgroup -g 2000 fatt && \
+ adduser -S -s /bin/ash -u 2000 -D -g 2000 fatt && \
+
+# Install fatt
+ mkdir -p /home/fatt && \
+ cd /home/fatt && \
+ mkdir -p log && \
+ git clone --depth=1 https://github.com/0x4D31/fatt && \
+ cd fatt && \
+ pip3 install --upgrade pip && \
+ pip3 install pyshark==0.4.2.2 && \
+
+# Setup configs
+ chown fatt:fatt -R /home/fatt/* && \
+
+# Clean up
+ apk del --purge git \
+ python3-dev && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/*
+
+# Start fatt
+STOPSIGNAL SIGINT
+ENV PYTHONPATH /home/fatt/fatt
+WORKDIR /home/fatt/fatt
+CMD python3 fatt.py -i $(/sbin/ip address | grep '^2: ' | awk '{ print $2 }' | tr -d [:punct:]) --print_output --json_logging -o log/fatt.log
diff --git a/docker/fatt/docker-compose.yml b/docker/fatt/docker-compose.yml
new file mode 100644
index 00000000..24aff877
--- /dev/null
+++ b/docker/fatt/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '2.3'
+
+services:
+
+# Fatt service
+ suricata:
+ build: .
+ container_name: fatt
+ restart: always
+ network_mode: "host"
+ cap_add:
+ - NET_ADMIN
+ - SYS_NICE
+ - NET_RAW
+ image: "dtagdevsec/fatt:1903"
+ volumes:
+ - /data/fatt/log:/home/fatt/fatt/log
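Review bot: The `fatt` user (uid 2000) is created and `libcap` is installed, but nothing in the hunk ever uses either — there is no `USER` directive and no `setcap` call, so `fatt.py` and the tshark capture it spawns run as root. Since the compose file already grants NET_RAW/NET_ADMIN, the intended shape is presumably `setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap` (path to confirm for the Alpine tshark package) at the end of the RUN chain, followed by `USER fatt` before `CMD`. On the supply-chain side, `FROM alpine` is untagged and `git clone --depth=1 https://github.com/0x4D31/fatt` builds whatever is at upstream HEAD at build time, so the image is not reproducible — pin the base tag and check out a specific commit after the clone (the edge `tshark` pulled from a plain-http mirror and the unpinned `pip3 install --upgrade pip` have the same problem). Finally, the shell-form `CMD` with `$(...)` means python is most likely not PID 1, so `STOPSIGNAL SIGINT` reaches the shell rather than fatt; prefix the command with `exec python3 fatt.py ...` and quote `'[:punct:]'` so the shell cannot glob it.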
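Review bot: The service key is `suricata` while `container_name`, `build` context and `image` all say fatt — this looks like a copy/paste leftover that would collide with or shadow a real `suricata` service if these compose files are ever merged; rename the key to `fatt:`. The capability set is broad for a passive sniffer: `NET_RAW` (plus `NET_ADMIN` for promiscuous mode) is what capture needs, but nothing visible here justifies `SYS_NICE`, so either document why it is required or drop it. With `network_mode: "host"` the container sits directly on the host network stack, so consider `cap_drop: [ALL]` ahead of the `cap_add` list and `read_only: true`, keeping only the `/home/fatt/fatt/log` bind mount writable. Note that the bind-mounted `/data/fatt/log` must be writable by uid 2000 on the host if the image is ever switched to run as the `fatt` user.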