Suricata User Guide: Network Security & Intrusion Detection

Suricata User Guide
Release 8.0.1-dev
OISF
Aug 08, 2025
CONTENTS

1 What is Suricata ... 3
1.1 About the Open Information Security Foundation ... 3

2 Quickstart guide ... 5
2.1 Installation ... 5
2.2 Basic setup ... 5
2.3 Signatures ... 6
2.4 Running Suricata ... 6
2.5 Alerting ... 7
2.6 EVE Json ... 7

3 Installation ... 9
3.1 Source ... 9
3.2 Binary packages ... 12
3.3 Advanced Installation ... 16

4 Upgrading ... 17
4.1 General instructions ... 17
4.2 Upgrading 7.0 to 8.0 ... 17
4.3 Upgrading 6.0 to 7.0 ... 20
4.4 Upgrading 5.0 to 6.0 ... 23
4.5 Upgrading 4.1 to 5.0 ... 23

5 Security Considerations ... 25
5.1 Running as a User Other Than Root ... 25
5.2 Containers ... 27

6 Support Status ... 29
6.1 Levels of Support ... 29
6.2 Distributions ... 30
6.3 Architecture Support ... 31

7 Command Line Options ... 33
7.1 Unit Tests ... 37

8 Suricata Rules ... 39
8.1 Rules Format ... 39
8.2 Meta Keywords ... 46
8.3 IP Keywords ... 50
8.4 TCP keywords ... 54
8.5 UDP keywords ... 58
8.6 ICMP keywords ... 58
8.7 Payload Keywords ... 62
8.8 Integer Keywords ... 86
8.9 Transformations ... 88
8.10 Prefiltering Keywords ... 94
8.11 Flow Keywords ... 96
8.12 Bypass Keyword ... 104
8.13 HTTP Keywords ... 104
8.14 File Keywords ... 125
8.15 DNS Keywords ... 129
8.16 mDNS Keywords ... 132
8.17 SSL/TLS Keywords ... 134
8.18 SSH Keywords ... 139
8.19 JA3/JA4 Keywords ... 141
8.20 Modbus Keyword ... 143
8.21 DCERPC Keywords ... 145
8.22 DHCP keywords ... 146
8.23 DNP3 Keywords ... 148
8.24 ENIP/CIP Keywords ... 150
8.25 FTP/FTP-DATA Keywords ... 154
8.26 Kerberos Keywords ... 158
8.27 SMB Keywords ... 161
8.28 SNMP keywords ... 163
8.29 Base64 keywords ... 164
8.30 SIP Keywords ... 166
8.31 SDP Keywords ... 170
8.32 RFB Keywords ... 176
8.33 MQTT Keywords ... 177
8.34 IKE Keywords ... 181
8.35 HTTP2 Keywords ... 184
8.36 Quic Keywords ... 186
8.37 NFS Keywords ... 187
8.38 SMTP Keywords ... 187
8.39 WebSocket Keywords ... 189
8.40 Generic App Layer Keywords ... 190
8.41 Generic Decode Layer Keywords ... 192
8.42 Xbits Keyword ... 192
8.43 Alert Keywords ... 194
8.44 Thresholding Keywords ... 195
8.45 IP Reputation Keyword ... 197
8.46 IP Addresses Match ... 198
8.47 Config Rules ... 199
8.48 Datasets ... 200
8.49 Lua Scripting for Detection ... 207
8.50 Differences From Snort ... 210
8.51 Multiple Buffer Matching ... 219
8.52 Tag ... 221
8.53 VLAN Keywords ... 223
8.54 LDAP Keywords ... 225
8.55 PGSQL Keywords ... 233
8.56 Rule Types and Categorization ... 233
8.57 Email Keywords ... 255

9 Rule Management ... 261
9.1 Rule Management with Suricata-Update ... 261
9.2 Adding Your Own Rules ... 263
9.3 Rule Reloads ... 264
9.4 Rules Profiling ... 266

10 Making sense out of Alerts ... 267

11 Performance ... 269
11.1 Runmodes ... 269
11.2 Packet Capture ... 274
11.3 Tuning Considerations ... 275
11.4 Hyperscan ... 277
11.5 High Performance Configuration ... 279
11.6 Statistics ... 284
11.7 Ignoring Traffic ... 287
11.8 Packet Profiling ... 289
11.9 Rule Profiling ... 289
11.10 Tcmalloc ... 291
11.11 Performance Analysis ... 291

12 Configuration ... 297
12.1 Suricata.yaml ... 297
12.2 Global-Thresholds ... 357
12.3 Exception Policies ... 360
12.4 Snort.conf to Suricata.yaml ... 365
12.5 Multi Tenancy ... 370
12.6 Dropping Privileges After Startup ... 374
12.7 Using Landlock LSM ... 374
12.8 systemd notification ... 375
12.9 Includes ... 376

13 Reputation ... 377
13.1 IP Reputation ... 377

14 Init Scripts ... 381

15 Setting up IPS/inline for Linux ... 383
15.1 Setting up IPS with Netfilter ... 383
15.2 Setting up IPS at Layer 2 ... 386

16 Setting up IPS/inline for Windows ... 391

17 Output ... 393
17.1 EVE ... 393
17.2 Lua Output ... 473
17.3 Syslog Alerting Compatibility ... 475
17.4 Custom http logging ... 476
17.5 Custom tls logging ... 477
17.6 Log Rotation ... 478

18 Lua support ... 479
18.1 Lua usage in Suricata ... 479
18.2 Lua functions ... 479
18.3 Lua Libraries ... 482