Suricata is a flexible, high-performance Network Security Monitoring (NSM) tool that can detect and block attacks against your network.
This series will explore how to install Suricata on various operating systems, how to understand and write your own signatures to detect malicious or unknown traffic, and how to configure Suricata in both Intrusion Detection (IDS) and Intrusion Prevention (IPS) modes.
Once you have Suricata configured and running on your network, you’ll learn how to build your own Security Information and Event Management (SIEM) tool on top of the data that Suricata collects.
Suricata is a Network Security Monitoring (NSM) tool that uses sets of community-created and user-defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server.
Suricata is a Network Security Monitoring (NSM) tool that uses sets of community-created and user-defined signatures (also referred to as rules) to examine and process network traffic. In this tutorial you will learn how to install Suricata, and how to customize some of its default settings on Rocky Linux 8 to suit your needs.
In this tutorial you’ll learn how Suricata signatures are structured, and some important options that are commonly used in most rules. Once you are familiar with how to understand the structure and fields in a signature, you’ll be able to write your own signatures that you can combine with a firewall to alert you about most suspicious traffic to your servers, without needing to use other external rulesets.
In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode. When you enable IPS mode, Suricata can actively drop suspicious network traffic in addition to generating alerts. Once you know which signatures you would like to use in IPS mode, you’ll convert their default action to drop or reject traffic. With your signatures in place, you’ll learn how to send network traffic through Suricata using the netfilter NFQUEUE iptables target.
In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Debian 11. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you enable…
In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Rocky Linux 8. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you…
The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore…
In this final tutorial in the series, you will create custom Kibana rules and generate alerts within Kibana’s SIEM dashboards. Once you have rules in place and understand where and how to filter Suricata’s logs using Kibana, you’ll explore how to create and manage cases using Kibana’s timeline analysis tools.
By the end of this tutorial you will have a SIEM system that you can use to track and investigate security events across all of the servers in your network.