New memeber in this community:)

Lounes-Kheris98 · December 19, 2021, 12:54am

Hello i’m beginner on suricata, i have little project in my studies.
Perform Security Analysis with Suricata, pcap file
how can i start please ?
thnks a lot

jufajardini · December 20, 2021, 9:42am

Hello Lounes, welcome to our community ^^

If you are totally new to Suricata, I would suggest checking some of our videos on our YouTube channel. We have a short playlist on how to get started Help & How-To - YouTube and another with several webinars, some of which are about Threat Hunting Webinars - YouTube )

Another useful couple comments:

for reading a pcap file with Suricata, use the command-line option -r path/to/pcap
Suricata EVE logs have a field called flow_id which you can use to see all types of events Suricata has seen for a given network interaction (identifying a tuple with same Source IP, Source port, Destination IP, Destination port, Network protocol). As some of the webinars I’ve mention will explain in more detail, the flow_id is a powerful friend when investigating possible threats.

I hope this helps you get started, and that it wasn’t too basic!

Good luck with your project

Topic		Replies	Views
Suricata and Mikrotik help	0	62	April 4, 2024
Create a website that analyzes pcap files with Suricata Help suricata , pcaps	5	320	October 7, 2023
Visualization of the matches Tips and Tricks	2	319	February 3, 2023
How to find out which packets triggering the alert Help	2	889	December 13, 2021
Suricata not detecting some packets in a pcap Help rules , suricata , pcaps	4	438	August 10, 2023

New memeber in this community:)

Related Topics