July's webinar: Using jq for Suricata log parsing

The jq tool is very useful for quickly parsing and filtering JSON files. In Suricata’s July webinar, join our QA expert, Corey Thomas, as he shares and demonstrates several jq tricks and commands to more efficiently parse the main Suricata log: eve.json, and filter useful information for threat hunting, troubleshooting, and more.

We’ll also be sharing a jq cheat sheet, for quick access to what you’ll learn!

Corey Thomas is OISF’s QA automation Engineer. He’s always finding ways to consistently reproduce problems and performance changes. He’s helped build and automate OISF’s hardware QA lab and integrate with Github PRs. He has been an Open Source contributor and IT professional for over a dozen years, making the world a safer place, one bug at a time.

Save the date:
July 27th
2 pm UTC (1 hour long)

This webinar will be hosted via Zoom, register before the event to get a reminder: Webinar Registration - Zoom


Will you make the slides available afterwards? Perhaps even the recording?

Sure thing Matthias, that’s the way we do it :sunglasses: :grin:

Link to the slides is usually included in the video description if not stated otherwise.


What Lukas said! We will also share the jq cheat sheet :slight_smile:

Thanks to all who attended or shared the webinar!

The recording is out. Go to YouTube to watch it: Using jq for Suricata Log Parsing - YouTube

Cheat sheet forum post: https://forum.suricata.io/t/jq-cheat-sheet-for-parsing-suricata-eve-outputs/

Check the presentation slides: UsingJQtoParseSuricataLogs.pdf - Google Drive

See you in the next Suricata webinar!