This repo contains a simple ruleset and environment setup for running simple Suricata analysis against PCAP files or other network resources.
Suricata is a high-performance, open-source network analysis and threat detection engine used as an IDS/IPS. Suricata produces alerts, network flow records, PCAP recordings, etc.
Read more: https://suricata.io/
- Download Suricata for your Linux distro
Link: https://suricata.io/download/
sudo apt install suricata
- Ensure that Suricata was installed properly
sudo suricata --build-info
- Create a suricata ruleset file
ls
cd suricata-test
nano suricata.rules
- Write your ruleset in your suricata.rules file. This can be done with any text editor (nano/vim/vi)
- Create a YAML file for the environment setup
nano suricata.yaml
- Write your environment properties in your suricata.yaml file. This can be done with any text editor (nano/vim/vi)
- Enter a Suricata command in your CLI that ties together the ruleset, the file you want to inspect, and the YAML config
sudo suricata -r path/to/yourfile.pcap -c path/to/suricata.yaml -S path/to/file-download.rules -l path/to/output/dir
- The results will be written to the json.log file in the output directory
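Once Suricata has run, the output file holds one JSON event per line (the EVE format), mixing flow records with alerts. The following added example (not part of this repo) is a small Python script that reads such a file, keeps only the alert events, and summarizes them by signature and severity so a run over a PCAP can be triaged quickly. The log lines embedded below are constructed for the example; the signature IDs, names and addresses are made up.

```python
import json
from collections import Counter

# Constructed sample of Suricata's EVE JSON output (one event per line).
# These lines are made up for this example; the last one is deliberately
# malformed to show that a partially written line does not stop parsing.
SAMPLE_LOG = "\n".join([
    '{"timestamp":"2024-01-01T10:00:00+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:00:01+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.20","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL Executable file download","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":44321,"dest_ip":"198.51.100.20","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL Executable file download","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:03+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51240,"dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP",'
    '"alert":{"signature_id":1000002,"rev":1,"signature":"LOCAL SSH connection from workstation","category":"Misc activity","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:04+0000","event_type":"al',
])


def parse_alerts(text):
    """Return the alert events from EVE JSON text, skipping other event types and broken lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line (e.g. file still being written)
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def summarize(alerts):
    """Count hits per (sid, signature) and record which source hosts triggered each."""
    counts = Counter()
    sources = {}
    for ev in alerts:
        key = (ev["alert"]["signature_id"], ev["alert"]["signature"])
        counts[key] += 1
        sources.setdefault(key, set()).add(ev["src_ip"])
    return counts, sources


def filter_severity(alerts, max_severity):
    """Keep alerts whose priority is at or above a threshold (1 is the most severe in Suricata)."""
    return [ev for ev in alerts if ev["alert"]["severity"] <= max_severity]


if __name__ == "__main__":
    found = parse_alerts(SAMPLE_LOG)  # replace SAMPLE_LOG with open(".../json.log").read() for a real run
    counts, sources = summarize(found)
    for (sid, name), n in counts.most_common():
        print(f"sid {sid}: {n} hit(s) from {sorted(sources[(sid, name)])} - {name}")
```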