Hello, I'm a beginner on Suricata, and I have a little project in my studies: perform a security analysis with Suricata on a pcap file.
How can I start, please?
Thanks a lot
Hello Lounes, welcome to our community ^^
If you are totally new to Suricata, I would suggest checking some of our videos on our YouTube channel. We have a short playlist on how to get started (Help & How-To - YouTube) and another with several webinars, some of which are about threat hunting (Threat Hunting Webinars - YouTube).
Another couple of useful comments:
- for reading a pcap file with Suricata, use the command-line option `-r path/to/pcap`
- Suricata EVE logs have a field called `flow_id`, which you can use to see all types of events Suricata has seen for a given network interaction (identifying a tuple with the same source IP, source port, destination IP, destination port and network protocol). As some of the webinars I've mentioned will explain in more detail, the `flow_id` is a powerful friend when investigating possible threats.
I hope this helps you get started, and that it wasn’t too basic!
Good luck with your project
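To make the `flow_id` advice concrete, here is an added example (not from the reply above, and not Suricata project code) that reads EVE JSON lines, groups every event by `flow_id`, and lists the flows that carry an alert together with their 5-tuple and the ordered event types seen on them. The `SAMPLE_EVE_LINES` are constructed for the example; on a real run you would point `parse_eve` at the `eve.json` written by `suricata -r path/to/pcap` instead. The rule name in the sample alert is a made-up placeholder.

```python
import json
from collections import defaultdict

# Constructed sample of Suricata EVE JSON lines (not real capture output).
# Three events share flow_id 2222 (http, alert, flow); one belongs to flow 1111.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","flow_id":1111,"event_type":"dns",'
    '"src_ip":"10.0.0.5","src_port":51000,"dest_ip":"10.0.0.53","dest_port":53,"proto":"UDP",'
    '"dns":{"type":"query","rrname":"example.test"}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","flow_id":2222,"event_type":"http",'
    '"src_ip":"10.0.0.5","src_port":51001,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP",'
    '"http":{"hostname":"example.test","url":"/"}}',
    '{"timestamp":"2024-01-01T10:00:01.500000+0000","flow_id":2222,"event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51001,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP",'
    '"alert":{"signature_id":1,"signature":"EXAMPLE constructed test rule","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:05.000000+0000","flow_id":2222,"event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":51001,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP",'
    '"flow":{"pkts_toserver":6,"pkts_toclient":5}}',
]


def parse_eve(lines):
    """Parse EVE JSON lines (one object per line).

    Blank or malformed lines are skipped rather than aborting the whole run:
    an eve.json that is still being written may end with a partial record.
    """
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def group_by_flow(events):
    """Group events by flow_id, keeping each flow's events in timestamp order."""
    flows = defaultdict(list)
    for ev in events:
        fid = ev.get("flow_id")
        if fid is None:  # e.g. stats events carry no flow_id
            continue
        flows[fid].append(ev)
    for fid in flows:
        flows[fid].sort(key=lambda e: e.get("timestamp", ""))
    return dict(flows)


def summarize_flow(events):
    """Return the 5-tuple, the ordered event types and any alert names for one flow."""
    first = events[0]
    return {
        "tuple": (first["src_ip"], first["src_port"],
                  first["dest_ip"], first["dest_port"], first["proto"]),
        "event_types": [e["event_type"] for e in events],
        "alerts": [e["alert"]["signature"] for e in events if e["event_type"] == "alert"],
    }


def flows_with_alerts(flows):
    """flow_ids that carry at least one alert: the natural pivot point for an analyst."""
    return sorted(fid for fid, evs in flows.items()
                  if any(e["event_type"] == "alert" for e in evs))


if __name__ == "__main__":
    # Replace SAMPLE_EVE_LINES with open("eve.json") to run against a real log.
    flows = group_by_flow(parse_eve(SAMPLE_EVE_LINES))
    for fid in flows_with_alerts(flows):
        s = summarize_flow(flows[fid])
        print(fid, s["tuple"], "->", " ".join(s["event_types"]), "|", s["alerts"])
```

The point of grouping this way is that an alert on its own rarely tells the whole story; pulling every event with the same `flow_id` (here the preceding `http` record and the closing `flow` record with its packet counts) gives the context needed to decide whether the alert is worth escalating.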