tutorial series

Securing Your Network with Suricata
  • By Jamon Camisso

  • Suricata is a flexible, high performance Network Security Monitoring (NSM) tool that can detect and block attacks against your network.

    This series will explore how to install Suricata on various operating systems, how to understand and write your own signatures to detect malicious or unknown traffic, and how to configure Suricata in both Intrusion Detection (IDS) and Intrusion Prevention (IPS) modes.

    Once you have Suricata configured and running on your network, you’ll learn how to build your own Security Information and Event Management (SIEM) tool on top of the data that Suricata collects.

    Published on October 25, 2021 · Updated on October 22, 2021

    Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server.

    Published on October 29, 2021

    Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic…

    Published on November 15, 2021 · Updated on November 15, 2021

    Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. In this tutorial you will learn how to install Suricata, and how to customize some of its default settings on Rocky Linux 8 to suit your needs.

    Published on January 25, 2022

    Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic…

    Published on November 24, 2021

    In this tutorial you’ll learn how Suricata signatures are structured, and some important options that are commonly used in most rules. Once you are familiar with how to understand the structure and fields in a signature, you’ll be able to write your own signatures that you can combine with a firewall to alert you about most suspicious traffic to your servers, without needing to use other external rulesets.

    Published on December 9, 2021

    In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode. When you enable IPS mode, Suricata can actively drop suspicious network traffic in addition to generating alerts. Once you know which signatures you would like to use in IPS mode, you’ll convert their default action to drop or reject traffic. With your signatures in place, you’ll learn how to send network traffic through Suricata using the netfilter NFQUEUE iptables target.

    Published on December 15, 2021

    In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Debian 11. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you enable…

    Published on December 15, 2021

    In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Rocky Linux 8. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you…

    Published on January 14, 2022

    The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore…

    Published on January 25, 2022

    The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also…

    Published on January 25, 2022

    The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore…

    Published on January 25, 2022

    The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will…

    Published on February 28, 2022

    In this final tutorial in the series, you will create custom Kibana rules and generate alerts within Kibana’s SIEM dashboards. Once you have rules in place and understand where and how to filter Suricata’s logs using Kibana, you’ll explore how to create and manage cases using Kibana’s timeline analysis tools.

    By the end of this tutorial you will have a SIEM system that you can use to track and investigate security events across all of the servers in your network.