Suricata User Guide¶

1. What is Suricata
- 1.1. About the Open Information Security Foundation
2. Installation
- 2.1. Source
- 2.2. Binary packages
- 2.3. Advanced Installation
3. Command Line Options
- 3.1. Unit Tests
4. Suricata Rules
- 4.1. Rules Format
- 4.2. Meta Keywords
- 4.3. IP Keywords
- 4.4. TCP keywords
- 4.5. ICMP keywords
- 4.6. Payload Keywords
- 4.7. Transformations
- 4.8. Prefiltering Keywords
- 4.9. Flow Keywords
- 4.10. Bypass Keyword
- 4.11. HTTP Keywords
- 4.12. File Keywords
- 4.13. DNS Keywords
- 4.14. SSL/TLS Keywords
- 4.15. SSH Keywords
- 4.16. JA3 Keywords
- 4.17. Modbus Keyword
- 4.18. DNP3 Keywords
- 4.19. ENIP/CIP Keywords
- 4.20. FTP/FTP-DATA Keywords
- 4.21. Kerberos Keywords
- 4.22. Generic App Layer Keywords
- 4.23. Xbits Keyword
- 4.24. Thresholding Keywords
- 4.25. IP Reputation Keyword
- 4.26. Lua Scripting
- 4.27. Differences From Snort
5. Rule Management
- 5.1. Rule Management with Suricata-Update
- 5.2. Rule Management with Oinkmaster
- 5.3. Adding Your Own Rules
- 5.4. Rule Reloads
6. Making sense out of Alerts
7. Performance
- 7.1. Runmodes
- 7.2. Packet Capture
- 7.3. Tuning Considerations
- 7.4. Hyperscan
- 7.5. High Performance Configuration
- 7.6. Statistics
- 7.7. Ignoring Traffic
- 7.8. Packet Profiling
- 7.9. Rule Profiling
- 7.10. Tcmalloc
8. Configuration
- 8.1. Suricata.yaml
- 8.2. Global-Thresholds
- 8.3. Snort.conf to Suricata.yaml
- 8.4. Multi Tenancy
- 8.5. Dropping Privileges After Startup
9. Reputation
- 9.1. IP Reputation
10. Init Scripts
11. Setting up IPS/inline for Linux
- 11.1. Iptables configuration
12. Setting up IPS/inline for Windows
13. Output
- 13.1. EVE
- 13.2. Lua Output
- 13.3. Syslog Alerting Compatibility
- 13.4. Custom http logging
- 13.5. Custom tls logging
- 13.6. Log Rotation
14. Lua support
- 14.1. Lua usage in Suricata
- 14.2. Lua functions
15. File Extraction
- 15.1. Architecture
- 15.2. Settings
- 15.3. Output
- 15.4. Rules
- 15.5. MD5
16. Public Data Sets
17. Using Capture Hardware
- 17.1. Endace DAG
- 17.2. Napatech Suricata Installation Guide
- 17.3. Myricom
- 17.4. eBPF and XDP
18. Interacting via Unix Socket
- 18.1. Introduction
- 18.2. Commands in standard running mode
- 18.3. Commands on the cmd prompt
- 18.4. Pcap processing mode
- 18.5. Build your own client
19. Man Pages
- 19.1. Suricata
20. Acknowledgements
21. Licenses
- 21.1. GNU General Public License
- 21.2. Creative Commons Attribution-NonCommercial 4.0 International Public License
- 21.3. Suricata Source Code
- 21.4. Suricata Documentation

Read the Docs v: suricata-4.1.3

Versions: latest; suricata-4.1.3; suricata-4.1.2; suricata-4.1.1; suricata-4.1.0-rc2; suricata-4.1.0-rc1; suricata-4.1.0-beta1; suricata-4.1.0; suricata-4.0.7; suricata-4.0.6; suricata-4.0.5; suricata-4.0.4; suricata-4.0.3; suricata-4.0.2; suricata-4.0.1; suricata-4.0.0-rc2; suricata-4.0.0-rc1; suricata-4.0.0-beta1; suricata-4.0.0; suricata-3.2rc1; suricata-3.2beta1; suricata-3.2.5; suricata-3.2.4; suricata-3.2.3; suricata-3.2.2; suricata-3.2.1; suricata-3.2

Downloads

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.