Rule grammar specification

mmxmb · August 30, 2021, 2:25pm

Is Suricata rule grammar specified somewhere? EBNF or PEG notation would be ideal. I can’t find anything in the official documentation.

jufajardini · September 3, 2021, 2:23pm

Hey there!

Welcome to our forum ^^

As far as we can tell, there isn’t such a specification. I have added a ticket in issue tracker, in case anyone from the community is willing and able to contribute with that Documentation #4662: Add documentation section covering Suricata rule grammar - Suricata - Open Information Security Foundation

Topic		Replies	Views
Developing rules for beginners Developers	4	494	August 22, 2020
Running Suricata default in Windows Rules	3	423	May 24, 2023
Instruction to write rules on Suricata Help	7	1464	February 12, 2021
OT \| How does Suricata store the rules in memory? Developers	0	398	May 5, 2022
Rule tuning and management - Exclusions and false positives Help	2	1144	February 4, 2022