New member in this community :)

Hello, I’m a beginner with Suricata, and I have a little project in my studies:
Perform Security Analysis with Suricata, pcap file
How can I start, please?
Thanks a lot

Hello Lounes, welcome to our community ^^

If you are totally new to Suricata, I would suggest checking some of our videos on our YouTube channel. We have a short playlist on how to get started (Help & How-To - YouTube) and another with several webinars, some of which are about Threat Hunting (Webinars - YouTube).

Another couple of useful comments:

  • For reading a pcap file with Suricata, use the command-line option -r path/to/pcap
  • Suricata EVE logs have a field called flow_id which you can use to see all types of events Suricata has seen for a given network interaction (identifying a tuple with the same Source IP, Source port, Destination IP, Destination port, Network protocol). As some of the webinars I’ve mentioned will explain in more detail, the flow_id is a powerful friend when investigating possible threats.

I hope this helps you get started, and that it wasn’t too basic!

Good luck with your project :)
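As an added example that is not part of the reply above, here is a small Python script showing the flow_id idea in practice: it reads EVE JSON lines (the ones embedded below are constructed samples standing in for an eve.json produced by a pcap run) and groups every event by flow_id, so the DNS, HTTP, alert and flow records of one network interaction show up together.

```python
import json
from collections import defaultdict

# Constructed sample EVE lines (not from a real capture): two flows plus one
# stats record that carries no flow_id and is therefore skipped.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","flow_id":1111,"event_type":"dns","src_ip":"10.0.0.5","src_port":53211,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.test"}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","flow_id":2222,"event_type":"http","src_ip":"10.0.0.5","src_port":40123,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","http":{"hostname":"example.test","url":"/index.html"}}
{"timestamp":"2024-01-01T10:00:01.100000+0000","flow_id":2222,"event_type":"alert","src_ip":"10.0.0.5","src_port":40123,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","alert":{"signature":"TEST suspicious HTTP request","severity":2}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"stats","stats":{"uptime":5}}
{"timestamp":"2024-01-01T10:00:05.000000+0000","flow_id":2222,"event_type":"flow","src_ip":"10.0.0.5","src_port":40123,"dest_ip":"203.0.113.7","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":4}}
"""


def group_by_flow(eve_text):
    """Bucket EVE events by flow_id; returns {flow_id: {tuple, events, alerts}}."""
    flows = defaultdict(lambda: {"tuple": None, "events": [], "alerts": []})
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or corrupt line should not abort the whole run
        fid = ev.get("flow_id")
        if fid is None:
            continue  # e.g. stats events are not tied to a flow
        rec = flows[fid]
        if rec["tuple"] is None:  # record the 5-tuple the first time we see the flow
            rec["tuple"] = (ev.get("src_ip"), ev.get("src_port"),
                            ev.get("dest_ip"), ev.get("dest_port"), ev.get("proto"))
        rec["events"].append(ev.get("event_type"))
        if ev.get("event_type") == "alert":
            rec["alerts"].append(ev["alert"].get("signature"))
    return dict(flows)


def flows_with_alerts(flows):
    """flow_ids that triggered at least one alert, sorted for stable output."""
    return sorted(fid for fid, rec in flows.items() if rec["alerts"])


if __name__ == "__main__":
    # For a real run, replace SAMPLE_EVE with open("eve.json").read()
    flows = group_by_flow(SAMPLE_EVE)
    for fid in flows_with_alerts(flows):
        rec = flows[fid]
        print(fid, rec["tuple"], rec["events"], rec["alerts"])
```

Once a flow_id is known, the same value can be used to pull every related record out of the full eve.json, which is exactly the pivot the reply above describes.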