A few years ago (5 actually), I wrote a Sublime Text syntax highlighter for Suricata 5.0. It was missing keywords and used an existing language for the styling. Fortunately, I found some time to revisit this little project and I’m happy to announce that SublimeSuricata is now updated for Suricata 7.0 (based on 7.0.0rc1), now with it’s own color scheme. While this won’t rival the likes of Stamus Network’s feature rich Suricata Language Server, I’d still like to offer this out as a simpler syntax highlighter.
Many keywords do share the same coloring, this is simply based on the frequency of use here at Emerging Threats. For example, we write way more HTTP based rules than we do DHCP rules, it only makes sense to use the ‘lesser used’ coloring for DHCP and the ‘more commonly used’ coloring for HTTP keywords. You’ll also find an experimental feature in ‘warnings’ and ‘errors’. ‘Warnings’ refer to Emerging Threats styling and how we structure our rules internally (I know some people would appreciate this information when submitting rules to us) and ‘errors’ refers to genuine logic mistakes. It’s very unlikely you’ll see an ‘error’ highlighting due to the fact that there’s only 1 error condition right now and that’s the repeat of a sticky buffer without any content being used (ex. dns.query; dns.query;).
- Warnings are highlighted with a yellow background.
- Errors are highlighted with a red background.
This is a feature I’m personally curious about and would love to get feedback as to whether you think this would be frustrating or genuinely useful so please, light up my Twitter DMs or reply here with feedback.
You can find SublimeSuricata here - GitHub - ozuriexv/SublimeSuricata
Alternatively, if you feel like providing a signal boost, I’ve tweeted about it here - https://twitter.com/EcOzurie/status/1635908463766249473
Thanks and enjoy!