Suricata User Guide¶

1. What is Suricata
- 1.1. About the Open Information Security Foundation
2. Quickstart guide
- 2.1. Installation
- 2.2. Basic setup
- 2.3. Signatures
- 2.4. Running Suricata
- 2.5. Alerting
- 2.6. EVE Json
3. Installation
- 3.1. Source
- 3.2. Binary packages
- 3.3. Advanced Installation
4. Upgrading
- 4.1. General instructions
- 4.2. Upgrading 5.0 to 6.0
- 4.3. Upgrading 4.1 to 5.0
5. Command Line Options
- 5.1. Unit Tests
6. Suricata Rules
- 6.1. Rules Format
- 6.2. Meta Keywords
- 6.3. IP Keywords
- 6.4. TCP keywords
- 6.5. UDP keywords
- 6.6. ICMP keywords
- 6.7. Payload Keywords
- 6.8. Transformations
- 6.9. Prefiltering Keywords
- 6.10. Flow Keywords
- 6.11. Bypass Keyword
- 6.12. HTTP Keywords
- 6.13. File Keywords
- 6.14. DNS Keywords
- 6.15. SSL/TLS Keywords
- 6.16. SSH Keywords
- 6.17. JA3 Keywords
- 6.18. Modbus Keyword
- 6.19. DNP3 Keywords
- 6.20. ENIP/CIP Keywords
- 6.21. FTP/FTP-DATA Keywords
- 6.22. Kerberos Keywords
- 6.23. SNMP keywords
- 6.24. Base64 keywords
- 6.25. SIP Keywords
- 6.26. RFB Keywords
- 6.27. MQTT Keywords
- 6.28. HTTP2 Keywords
- 6.29. Generic App Layer Keywords
- 6.30. Xbits Keyword
- 6.31. Thresholding Keywords
- 6.32. IP Reputation Keyword
- 6.33. Datasets
- 6.34. Lua Scripting
- 6.35. Differences From Snort
7. Rule Management
- 7.1. Rule Management with Suricata-Update
- 7.2. Adding Your Own Rules
- 7.3. Rule Reloads
8. Making sense out of Alerts
9. Performance
- 9.1. Runmodes
- 9.2. Packet Capture
- 9.3. Tuning Considerations
- 9.4. Hyperscan
- 9.5. High Performance Configuration
- 9.6. Statistics
- 9.7. Ignoring Traffic
- 9.8. Packet Profiling
- 9.9. Rule Profiling
- 9.10. Tcmalloc
- 9.11. Performance Analysis
10. Configuration
- 10.1. Suricata.yaml
- 10.2. Global-Thresholds
- 10.3. Snort.conf to Suricata.yaml
- 10.4. Multi Tenancy
- 10.5. Dropping Privileges After Startup
11. Reputation
- 11.1. IP Reputation
12. Init Scripts
13. Setting up IPS/inline for Linux
- 13.1. Setting up IPS with Netfilter
- 13.2. Settings up IPS at Layer 2
14. Setting up IPS/inline for Windows
15. Output
- 15.1. EVE
- 15.2. Lua Output
- 15.3. Syslog Alerting Compatibility
- 15.4. Custom http logging
- 15.5. Custom tls logging
- 15.6. Log Rotation
16. Lua support
- 16.1. Lua usage in Suricata
- 16.2. Lua functions
17. File Extraction
- 17.1. Architecture
- 17.2. Settings
- 17.3. Output
- 17.4. Rules
- 17.5. MD5
- 17.6. Updating Filestore Configuration
18. Public Data Sets
19. Using Capture Hardware
- 19.1. Endace DAG
- 19.2. Napatech
- 19.3. Myricom
- 19.4. eBPF and XDP
- 19.5. Netmap
20. Interacting via Unix Socket
- 20.1. Introduction
- 20.2. Commands in standard running mode
- 20.3. Commands on the cmd prompt
- 20.4. PCAP processing mode
- 20.5. Build your own client
21. 3rd Party Integration
- 21.1. Symantec SSL Visibility (BlueCoat)
22. Man Pages
- 22.1. Suricata
- 22.2. Suricata Socket Control
- 22.3. Suricata Control
- 22.4. Suricata Control Filestore
23. Acknowledgements
24. Licenses
- 24.1. GNU General Public License
- 24.2. Creative Commons Attribution-NonCommercial 4.0 International Public License
- 24.3. Suricata Source Code
- 24.4. Suricata Documentation

Read the Docs v: suricata-6.0.0

Versions: latest; suricata-6.0.0-rc1; suricata-6.0.0-beta1; suricata-6.0.0; suricata-5.0.4; suricata-5.0.3; suricata-5.0.2; suricata-5.0.1; suricata-5.0.0-rc1; suricata-5.0.0-beta1; suricata-5.0.0; suricata-4.1.9; suricata-4.1.8; suricata-4.1.7; suricata-4.1.6; suricata-4.1.5; suricata-4.1.4; suricata-4.1.3; suricata-4.1.2; suricata-4.1.1; suricata-4.1.0-rc2; suricata-4.1.0-rc1; suricata-4.1.0-beta1; suricata-4.1.0; suricata-4.0.7; suricata-4.0.6; suricata-4.0.5; suricata-4.0.4; suricata-4.0.3; suricata-4.0.2; suricata-4.0.1; suricata-4.0.0-rc2; suricata-4.0.0-rc1; suricata-4.0.0-beta1; suricata-4.0.0; suricata-3.2rc1; suricata-3.2beta1; suricata-3.2.5; suricata-3.2.4; suricata-3.2.3; suricata-3.2.2; suricata-3.2.1; suricata-3.2

Downloads

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.