Suricata User Guide¶

1. What is Suricata
- 1.1. About the Open Information Security Foundation
2. Quickstart guide
- 2.1. Installation
- 2.2. Basic setup
- 2.3. Signatures
- 2.4. Running Suricata
- 2.5. Alerting
- 2.6. EVE Json
3. Installation
- 3.1. Source
- 3.2. Binary packages
- 3.3. Advanced Installation
4. Upgrading
- 4.1. General instructions
- 4.2. Upgrading 6.0 to 7.0
- 4.3. Upgrading 5.0 to 6.0
- 4.4. Upgrading 4.1 to 5.0
5. Command Line Options
- 5.1. Unit Tests
6. Suricata Rules
- 6.1. Rules Format
- 6.2. Meta Keywords
- 6.3. IP Keywords
- 6.4. TCP keywords
- 6.5. UDP keywords
- 6.6. ICMP keywords
- 6.7. Payload Keywords
- 6.8. Changes from PCRE1 to PCRE2
- 6.9. Transformations
- 6.10. Prefiltering Keywords
- 6.11. Flow Keywords
- 6.12. Bypass Keyword
- 6.13. HTTP Keywords
- 6.14. File Keywords
- 6.15. DNS Keywords
- 6.16. SSL/TLS Keywords
- 6.17. SSH Keywords
- 6.18. JA3 Keywords
- 6.19. Modbus Keyword
- 6.20. DCERPC Keywords
- 6.21. DHCP keywords
- 6.22. DNP3 Keywords
- 6.23. ENIP/CIP Keywords
- 6.24. FTP/FTP-DATA Keywords
- 6.25. Kerberos Keywords
- 6.26. SMB Keywords
- 6.27. SNMP keywords
- 6.28. Base64 keywords
- 6.29. SIP Keywords
- 6.30. RFB Keywords
- 6.31. MQTT Keywords
- 6.32. IKE Keywords
- 6.33. HTTP2 Keywords
- 6.34. Quic Keywords
- 6.35. Generic App Layer Keywords
- 6.36. Xbits Keyword
- 6.37. Thresholding Keywords
- 6.38. IP Reputation Keyword
- 6.39. Config Rules
- 6.40. Datasets
- 6.41. Lua Scripting for Detection
- 6.42. Differences From Snort
7. Rule Management
- 7.1. Rule Management with Suricata-Update
- 7.2. Adding Your Own Rules
- 7.3. Rule Reloads
8. Making sense out of Alerts
9. Performance
- 9.1. Runmodes
- 9.2. Packet Capture
- 9.3. Tuning Considerations
- 9.4. Hyperscan
- 9.5. High Performance Configuration
- 9.6. Statistics
- 9.7. Ignoring Traffic
- 9.8. Packet Profiling
- 9.9. Rule Profiling
- 9.10. Tcmalloc
- 9.11. Performance Analysis
10. Configuration
- 10.1. Suricata.yaml
- 10.2. Global-Thresholds
- 10.3. Exception Policies
- 10.4. Snort.conf to Suricata.yaml
- 10.5. Multi Tenancy
- 10.6. Dropping Privileges After Startup
- 10.7. Using Landlock LSM
11. Reputation
- 11.1. IP Reputation
12. Init Scripts
13. Setting up IPS/inline for Linux
- 13.1. Setting up IPS with Netfilter
- 13.2. Settings up IPS at Layer 2
14. Setting up IPS/inline for Windows
15. Output
- 15.1. EVE
- 15.2. Lua Output
- 15.3. Syslog Alerting Compatibility
- 15.4. Custom http logging
- 15.5. Custom tls logging
- 15.6. Log Rotation
16. Lua support
- 16.1. Lua usage in Suricata
- 16.2. Lua functions
17. File Extraction
- 17.1. Architecture
- 17.2. Settings
- 17.3. Output
- 17.4. Rules
- 17.5. MD5
- 17.6. Updating Filestore Configuration
18. Public Data Sets
19. Using Capture Hardware
- 19.1. Endace DAG
- 19.2. Napatech
- 19.3. Myricom
- 19.4. eBPF and XDP
- 19.5. Netmap
20. Interacting via Unix Socket
- 20.1. Introduction
- 20.2. Commands in standard running mode
- 20.3. Commands on the cmd prompt
- 20.4. PCAP processing mode
- 20.5. Build your own client
21. 3rd Party Integration
- 21.1. Symantec SSL Visibility (BlueCoat)
22. Man Pages
- 22.1. Suricata
- 22.2. Suricata Socket Control
- 22.3. Suricata Control
- 22.4. Suricata Control Filestore
23. Acknowledgements
24. Licenses
- 24.1. GNU General Public License
- 24.2. Creative Commons Attribution-NonCommercial 4.0 International Public License
- 24.3. Suricata Source Code
- 24.4. Suricata Documentation
25. Suricata Developer Guide
- 25.1. Working with the Codebase
- 25.2. Suricata Internals
- 25.3. Extending Suricata

Read the Docs v: suricata-7.0.0-beta1

Versions: latest; suricata-7.0.0-beta1; suricata-6.0.8; suricata-6.0.7; suricata-6.0.6; suricata-6.0.5; suricata-6.0.4; suricata-6.0.3; suricata-6.0.2; suricata-6.0.1; suricata-6.0.0-rc1; suricata-6.0.0-beta1; suricata-6.0.0; suricata-5.0.9; suricata-5.0.8; suricata-5.0.7; suricata-5.0.6; suricata-5.0.5; suricata-5.0.4; suricata-5.0.3; suricata-5.0.2; suricata-5.0.10; suricata-5.0.1; suricata-5.0.0-rc1; suricata-5.0.0-beta1; suricata-5.0.0; suricata-4.1.9; suricata-4.1.8; suricata-4.1.7; suricata-4.1.6; suricata-4.1.5; suricata-4.1.4; suricata-4.1.3; suricata-4.1.2; suricata-4.1.10; suricata-4.1.1; suricata-4.1.0-rc2; suricata-4.1.0-rc1; suricata-4.1.0-beta1; suricata-4.1.0; suricata-4.0.7; suricata-4.0.6; suricata-4.0.5; suricata-4.0.4; suricata-4.0.3; suricata-4.0.2; suricata-4.0.1; suricata-4.0.0-rc2; suricata-4.0.0-rc1; suricata-4.0.0-beta1; suricata-4.0.0; suricata-3.2rc1; suricata-3.2beta1; suricata-3.2.5; suricata-3.2.4; suricata-3.2.3; suricata-3.2.2; suricata-3.2.1; suricata-3.2

Downloads

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.