[Free Workshop] Hands on with Suricata Language Server - Eric Leblond

Hi folks,

In case you missed the announcement, Eric Leblond will be hosting a free workshop next week in which he will introduce the Suricata Language Server, a tool that adds syntax checking and auto-completion to popular text editors for Suricata signature developers.

More details can be found here:

Cheers!

Mark

Additional info:

Writing signatures for Suricata and other intrusion detection systems (IDS) is considered by many to be a form of art. One of the main reasons is that the rule writer needs to start by examining a network trace to identify patterns that are representative of a threat/behavior without being too broad (to avoid false positives) or too narrow (to avoid being escaped at the first change of a bit in the attack). But the language used to write signatures is the second reason. It is not really expressive and doesn’t have advanced constructs. As a result, signatures require complex writing to do things that could appear simple. And there are implicit conventions and structures that must be followed to guarantee correct integration in the detection engine.

Free registration → Hands-On Session: Get to Know Suricata Language Server with Eric Leblond Tickets, Thu, Mar 17, 2022 at 9:00 AM | Eventbrite

The open-source Suricata Language Server (SLS) has been developed to solve these problems. SLS is a Language Server Protocol implementation that allows the user to benefit from built-in Suricata diagnostic capabilities when editing rules. SLS provides advanced diagnostics as well as auto-completion.

In this webinar, you will see how SLS can be used and how to make sense of the error messages. You will also discover what Suricata features are used behind the scenes to make this possible.