Getting Started with Suricata

What’s the quickest way to install Suricata in Ubuntu? Let’s explore the OISF PPA

Suricata is high-performance, open-source network analysis and threat detection software used around the globe. Suricata not only produces high-fidelity network alerts, but also a wide variety of other critical network protocol, file transaction, and flow data, all in an industry-standard JSON format for easy ingestion into many popular SIEMs – but what’s the quickest way to get started? In this video, we’ll explore installing Suricata in a few simple commands using the OISF-maintained personal package archive, or PPA, for Ubuntu. If you’re looking for a video detailing installation on Ubuntu, I’ll make sure to add a link in the description.

What’s the quickest way to install Suricata in AlmaLinux – a Redhat Alternative? Let’s explore installing from EPEL!

Suricata is high-performance, open-source network analysis and threat detection software used around the globe. Suricata not only produces high-fidelity network alerts, but also a wide variety of other critical network protocol, file transaction, and flow data, all in an industry-standard JSON format for easy ingestion into many popular SIEMs – but what’s the quickest way to get started? In this video, we’ll explore installing Suricata in a few simple commands in AlmaLinux using the OISF-provided RPM repository. AlmaLinux is an alternative to Red Hat Enterprise Linux, and the installation steps will be similar for both operating systems.
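Both descriptions above point to Suricata's EVE JSON output as the reason it fits so easily into a SIEM. The following Python example, added here and not taken from the videos or from the Suricata project, shows what consuming that output looks like: it reads newline-delimited EVE records, skips a malformed line (common when reading a file Suricata is still writing), counts event types, and groups alerts by signature id. The sample lines are constructed for this example; the field names follow EVE's layout, while the IPs, flow ids and timestamps are made up.

```python
import json
from collections import Counter

# Constructed sample of Suricata EVE JSON output (one JSON object per line).
# Field layout follows EVE; the addresses, flow ids and timestamps are invented.
# The last line is deliberately not JSON to exercise the error handling.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000001+0000","flow_id":1,"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP"}
{"timestamp":"2024-05-01T10:00:01.000001+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:02.000001+0000","flow_id":3,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2024-05-01T10:00:03.000001+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:04.000001+0000","flow_id":4,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.1","dest_port":22,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"rev":1,"signature":"SAMPLE constructed SSH scan signature","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:05.0
"""


def parse_eve(text):
    """Yield one dict per well-formed EVE line.

    A truncated or otherwise malformed line is skipped rather than aborting the
    whole read, since eve.json is appended to continuously by the sensor.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def count_event_types(text):
    """Counter of event_type values: a quick sanity check that a sensor is
    producing more than just alerts (flow, dns, http, ... records)."""
    return Counter(rec.get("event_type") for rec in parse_eve(text))


def summarize_alerts(text):
    """Group alert events by signature id.

    Returns {sid: {"signature", "severity", "count", "sources"}} where
    "sources" is the set of src_ip values that triggered the signature.
    """
    summary = {}
    for rec in parse_eve(text):
        if rec.get("event_type") != "alert":
            continue
        alert = rec["alert"]
        sid = alert["signature_id"]
        entry = summary.setdefault(sid, {
            "signature": alert["signature"],
            "severity": alert["severity"],
            "count": 0,
            "sources": set(),
        })
        entry["count"] += 1
        entry["sources"].add(rec["src_ip"])
    return summary


if __name__ == "__main__":
    print(count_event_types(SAMPLE_EVE))
    for sid, entry in sorted(summarize_alerts(SAMPLE_EVE).items()):
        print(sid, entry["count"], sorted(entry["sources"]), entry["signature"])
```

On a live sensor the same functions can be pointed at `/var/log/suricata/eve.json` (the default EVE path); grouping by signature id rather than by signature text is the more stable choice, because rule text changes across revisions while the sid does not.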

I’ve Installed Suricata – Now What? Essential Suricata Configuration

Suricata provides an easy installation path using pre-built binaries for several popular operating systems. But what do you do after you’ve installed Suricata? In this video, we’ll explore Suricata’s configuration file and identify essential elements to get your network monitoring up and running!
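The single most important setting in suricata.yaml for a new deployment is the HOME_NET address group, since most rules are scoped to `$HOME_NET` and `$EXTERNAL_NET`. The following Python example, added here and not part of the video or of Suricata itself, pulls an address group out of a configuration fragment and validates it: it flags a HOME_NET of `any` (which removes the inside/outside distinction the rules rely on) and rejects entries that are not valid networks. The YAML fragment is constructed, and the extraction is a deliberately simple regex over the `name: "value"` line so the example needs no YAML library; a full parser would be used on a real file.

```python
import ipaddress
import re

# Constructed suricata.yaml fragment with the address-groups block and a
# capture interface; values are examples, not a recommended configuration.
SAMPLE_YAML = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
af-packet:
  - interface: eth0
"""


def get_address_group(yaml_text, name):
    """Return the raw value of an address-group such as HOME_NET, or None.

    Simplified on purpose: matches a single 'NAME: "value"' line, which is how
    the stock suricata.yaml writes these groups.
    """
    pattern = r'^\s*%s:\s*"?([^"\n]*)"?\s*$' % re.escape(name)
    match = re.search(pattern, yaml_text, re.M)
    return match.group(1).strip() if match else None


def validate_home_net(value):
    """Return a list of problems with a HOME_NET value (empty list = OK).

    Accepts a bracketed, comma-separated list; a leading '!' negates an entry
    and '$NAME' references another group, so both are accepted as written.
    """
    if value is None:
        return ["HOME_NET not set"]
    if value.strip().lower() == "any":
        return ["HOME_NET is 'any': $HOME_NET-scoped rules will match every address"]
    problems = []
    for entry in value.strip("[]").split(","):
        entry = entry.strip().lstrip("!")
        if not entry or entry.startswith("$"):
            continue
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append("invalid network: %s" % entry)
    return problems


if __name__ == "__main__":
    home_net = get_address_group(SAMPLE_YAML, "HOME_NET")
    print("HOME_NET =", home_net)
    print("problems:", validate_home_net(home_net) or "none")
```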

Capturing all the Packets – Running Suricata as a Service

Suricata has two primary modes of operation: listening on a network interface in real time to capture network data, or ingesting PCAPs in an offline mode. Listening to network traffic in real time is the most common way Suricata is configured and deployed, and in this video we’ll briefly discuss how to use systemd to control Suricata, reload rules, and install Suricata as a service.

Suricata Rule Management with Suricata-Update

Suricata provides valuable network data even without rules, but its true strength lies in real-time threat detection using customizable rules. These rules can be used to detect threats, anomalies, and a variety of other activities in your network traffic. Suricata-Update simplifies managing rules and rule sets, including the popular Emerging Threats Open rule set. This video will guide you through using Suricata-Update to:

  • Download the free Emerging Threats Open rule set and start generating alerts.
  • Manage and integrate additional rule sets for your specific needs.
  • Keep your rules updated for the most effective threat detection.
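Managing rule sets with Suricata-Update comes down to deciding which rules stay enabled, which it does through `disable.conf` and `enable.conf`. The Python example below, added here and not code from the video or from the suricata-update project, is a simplified model of that step: it parses rule lines (a leading `#` marks a rule that ships disabled), reads matcher files that accept a bare sid or an `re:` regular expression, and applies disable matchers before enable matchers so that an explicit enable wins. The rules and matcher files are constructed, with sids in the 9000000 range so they cannot collide with a published rule set; `group:` and `metadata:` matchers, which suricata-update also supports, are left out.

```python
import re

# Constructed rules file: four rules, one of them shipped disabled ('#').
SAMPLE_RULES = """\
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"SAMPLE HTTP policy rule"; sid:9000001; rev:1;)
# alert tcp any any -> $HOME_NET 22 (msg:"SAMPLE SSH scan rule"; sid:9000002; rev:1;)
alert dns $HOME_NET any -> any any (msg:"SAMPLE DNS lookup for test domain"; dns.query; content:"example.com"; sid:9000003; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SAMPLE SMB noisy rule"; sid:9000004; rev:3;)
"""

# Constructed disable.conf / enable.conf contents.
SAMPLE_DISABLE_CONF = """\
# disable one rule by sid and every rule whose text matches a regex
9000004
re:dns lookup
"""
SAMPLE_ENABLE_CONF = "9000002   # turn the shipped-disabled SSH rule on\n"

RULE_RE = re.compile(r'^(#\s*)?(alert|drop|pass|reject)\s.*sid:\s*(\d+)\s*;', re.S)


def parse_rules(text):
    """Return a list of {'enabled', 'sid', 'raw'} dicts, one per rule line."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue  # blank lines, comments that are not rules, etc.
        rules.append({
            "enabled": match.group(1) is None,
            "sid": int(match.group(3)),
            "raw": line.strip().lstrip("# "),
        })
    return rules


def parse_matchers(text):
    """Parse matcher lines: a bare sid, or 're:<pattern>' (case-insensitive).
    Anything after '#' on a line is a comment."""
    matchers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("re:"):
            matchers.append(("re", re.compile(line[3:].strip(), re.I)))
        elif line.isdigit():
            matchers.append(("sid", int(line)))
    return matchers


def matches(rule, matchers):
    """True if any matcher selects the rule."""
    for kind, value in matchers:
        if kind == "sid" and rule["sid"] == value:
            return True
        if kind == "re" and value.search(rule["raw"]):
            return True
    return False


def apply_modifications(rules, disable_text, enable_text):
    """Return {sid: enabled} after applying disable matchers, then enable
    matchers (so an explicit enable overrides a disable in this model)."""
    disable = parse_matchers(disable_text)
    enable = parse_matchers(enable_text)
    state = {}
    for rule in rules:
        enabled = rule["enabled"]
        if matches(rule, disable):
            enabled = False
        if matches(rule, enable):
            enabled = True
        state[rule["sid"]] = enabled
    return state


if __name__ == "__main__":
    final = apply_modifications(parse_rules(SAMPLE_RULES), SAMPLE_DISABLE_CONF, SAMPLE_ENABLE_CONF)
    for sid in sorted(final):
        print(sid, "enabled" if final[sid] else "disabled")
```

Running it shows 9000001 and 9000002 enabled and 9000003 and 9000004 disabled: the regex caught the DNS rule through its msg text, the sid entry caught the SMB rule, and enable.conf re-enabled the rule that shipped commented out.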

Suricata PCAP Replay: How to Analyze Pre-Recorded Network Traffic

Hey everyone, and welcome back to the channel! While Suricata shines at capturing live traffic at high speeds, did you know it can also analyze pre-recorded network data? Today, we’re taking a deeper dive into Suricata’s replay mode, which is Suricata’s ability to replay network traffic from PCAP files. This lets you:

  • Load individual PCAP files for focused analysis of specific network events.
  • Process entire directories of PCAPs, one after another, while maintaining flow state across files.
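Before handing a directory of captures to Suricata's replay mode, it is worth knowing what each file contains and whether it is intact, since a truncated capture stops processing partway through. The Python example below, added here and not from the video or the Suricata project, parses the classic libpcap file format with only the standard library: it handles both byte orders and both microsecond and nanosecond timestamp variants, walks the packet records, reports truncation, and summarizes the time span of the capture. The capture it parses is constructed in memory (Ethernet link type, three minimal records) rather than read from disk.

```python
import struct

PCAP_MAGIC_US = 0xA1B2C3D4  # classic pcap, microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D  # classic pcap, nanosecond timestamps
LINKTYPE_ETHERNET = 1


def build_sample_pcap():
    """Constructed little-endian pcap: global header plus three records whose
    'frames' are a zeroed 14-byte Ethernet header and a short payload."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [
        (1714557600, 0, bytes(14) + b"first"),
        (1714557600, 500000, bytes(14) + b"second"),
        (1714557601, 0, bytes(14) + b"third"),
    ]
    body = b"".join(
        struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt for sec, usec, pkt in frames
    )
    return header + body


def parse_pcap(data):
    """Parse a classic pcap byte string.

    Returns a dict with link_type, snaplen, version, nanos and records, where
    each record is (timestamp_seconds, incl_len, orig_len, packet_bytes).
    Raises ValueError for an unknown magic (e.g. pcapng) or a truncated file.
    """
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):  # same magics written big-endian
        endian = ">"
        magic = struct.unpack(">I", data[:4])[0]
    else:
        raise ValueError("not a classic pcap file: magic 0x%08x" % magic)
    nanos = magic == PCAP_MAGIC_NS
    _, vmaj, vmin, _, _, snaplen, link_type = struct.unpack(endian + "IHHiIII", data[:24])

    records = []
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % offset)
        timestamp = ts_sec + ts_frac / (1e9 if nanos else 1e6)
        records.append((timestamp, incl_len, orig_len, data[offset:offset + incl_len]))
        offset += incl_len
    return {"link_type": link_type, "snaplen": snaplen, "version": (vmaj, vmin),
            "nanos": nanos, "records": records}


def pcap_summary(data):
    """Packet count, first/last timestamp and duration; the kind of check run
    before replaying a capture through Suricata."""
    parsed = parse_pcap(data)
    times = [rec[0] for rec in parsed["records"]]
    if not times:
        return {"packets": 0, "first": None, "last": None, "duration": 0.0}
    return {"packets": len(times), "first": times[0], "last": times[-1],
            "duration": times[-1] - times[0]}


if __name__ == "__main__":
    print(pcap_summary(build_sample_pcap()))
```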