Brian

Suricata!



Suricata is a popular open-source Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine; you may have heard of a similar tool, Snort. The non-profit Open Information Security Foundation (OISF) created Suricata and maintains it today. Suricata works from rulesets made up of signatures (rules): each rule describes the traffic it matches and the action Suricata takes when a match occurs, such as alert, pass, drop or reject (OISF, 2021). The drop and reject actions only take effect when Suricata runs inline as an IPS. Configured as an IDS, Suricata inspects network packets, compares them against the loaded rules, and generates an alert whenever a rule fires.


 

Network Security Monitoring


NSM is a cyclical process of collecting, detecting, and analyzing network data. Before NSM was defined, detection was performed through intrusion detection alone, which neglected the collection and analysis stages. NSM is also threat-centric, whereas classic intrusion detection is vulnerability-centric: threat-centric methods use threat intelligence to detect activity that falls within an organization's threat model (Sanders & Smith, 2014). Suricata is useful in the practice of network security monitoring. Security analysts can write signatures that raise an alert whenever traffic matching a known-suspicious pattern is observed. Signature-based NSM tools work much like signature-based antivirus (Andress, 2019): both compare observed data against a library of known patterns, which is why anything not already covered by a signature needs a new one.


If you find suspicious activity that no existing rule detects, you can write a rule for it. Put the new rule in its own rule file (for example local.rules), then tell Suricata to load that file: in suricata.yaml, the rule-files list under default-rule-path names every rule file Suricata reads, so add the new file there. Validate the configuration and the rules with the -T (test configuration) option before restarting Suricata, or trigger its live rule reload so the new rule takes effect without a restart.
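A small rule parser and linter covering the two passages above (what a Suricata rule consists of, and checking a freshly written rule file before Suricata loads it), written as an added example for this post; it is not code from the original post or from the Suricata project. The rules in LOCAL_RULES are constructed for the example, three of them deliberately broken, and the parser handles only the common rule shape: header fields are assumed to contain no whitespace.

```python
"""Parse and lint Suricata rules before adding them to a rule file.

Added example, not code from the original post or from the Suricata project.
It covers the common rule shape only: header fields are assumed to contain no
whitespace, so "[10.0.0.0/8,192.168.0.0/16]" works but "[10.0.0.0/8, ...]" does not.
"""
import re

# Actions the Suricata rule grammar accepts as the first word of a rule.
VALID_ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
# Options every rule should carry so its alerts are identifiable and it can be revised.
REQUIRED_OPTIONS = ("msg", "sid", "rev")

HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<body>.*)\)\s*$"
)
# One option inside the parentheses: keyword, optional ":value" (a quoted value may
# contain an escaped ';'), terminated by ';'.
OPTION_RE = re.compile(
    r'\s*(?P<key>[\w.\-]+)\s*(?::\s*(?P<val>"(?:[^"\\]|\\.)*"|[^;]*?))?\s*;'
)


def parse_rule(line):
    """Split one rule into its header fields and an ordered list of (keyword, value)."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("malformed rule header")
    rule = m.groupdict()
    body = rule.pop("body").strip()
    options, pos = [], 0
    while pos < len(body):
        om = OPTION_RE.match(body, pos)
        if not om:
            raise ValueError("malformed option near %r" % body[pos:pos + 30])
        options.append((om.group("key"), om.group("val")))
        pos = om.end()
    rule["options"] = options  # a list, because keywords such as content: may repeat
    return rule


def lint_rules(text):
    """Lint a rule file's text; return 'line N: problem' strings (empty list means clean)."""
    problems, seen_sids = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rule = parse_rule(line)
        except ValueError as err:
            problems.append("line %d: %s" % (n, err))
            continue
        if rule["action"] not in VALID_ACTIONS:
            problems.append("line %d: unknown action %r" % (n, rule["action"]))
        keys = [k for k, _ in rule["options"]]
        for req in REQUIRED_OPTIONS:
            if req not in keys:
                problems.append("line %d: missing %s" % (n, req))
        opts = dict(rule["options"])
        if "msg" in opts and not (opts["msg"] or "").startswith('"'):
            problems.append("line %d: msg value must be quoted" % n)
        if "sid" in opts:
            if not (opts["sid"] or "").isdigit():
                problems.append("line %d: sid must be an integer" % n)
            elif int(opts["sid"]) in seen_sids:
                problems.append("line %d: duplicate sid %s (first used on line %d)"
                                % (n, opts["sid"], seen_sids[int(opts["sid"])]))
            else:
                seen_sids[int(opts["sid"])] = n
    return problems


# Constructed sample rule file for this example; the last three rules are deliberately
# wrong (duplicate sid, misspelled action, no sid). sids 1000000-1999999 are the
# customary range for locally written rules.
LOCAL_RULES = """\
# local.rules: rules written in-house
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"LOCAL Outbound connection to tcp/4444"; flow:to_server,established; classtype:trojan-activity; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL sqlmap User-Agent"; flow:established,to_server; http.user_agent; content:"sqlmap"; nocase; sid:1000002; rev:1;)
alert dns any any -> any any (msg:"LOCAL DNS query for example.test"; dns.query; content:"example.test"; nocase; sid:1000002; rev:1;)
alertt tcp any any -> any 23 (msg:"LOCAL typo in action"; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"LOCAL rule without a sid"; flow:to_server; rev:1;)
"""

if __name__ == "__main__":
    for problem in lint_rules(LOCAL_RULES):
        print(problem)
```

Run as a script, the linter reports the duplicate sid, the misspelled action and the rule without a sid. Once a local.rules passes, list it in the rule-files section of suricata.yaml (under default-rule-path, alongside the main ruleset file) and run suricata -T -c /etc/suricata/suricata.yaml (the usual config location on Linux packages) so Suricata itself validates the configuration and every rule before you restart it; Suricata's own parser is the authority, and this linter only catches the easy mistakes first.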


 

If you have not already, I recommend checking out Suricata.


Information about installing Suricata can be found here: https://suricata.readthedocs.io/en/latest/install.html


Information about writing rules can be found here: https://suricata.readthedocs.io/en/latest/rules/intro.html


 

References


Andress, J. (2019). Foundations of Information Security. No Starch Press.


Open Information Security Foundation. (2021). Suricata User Guide. https://buildmedia.readthedocs.org/media/pdf/suricata/latest/suricata.pdf


Sanders, C., & Smith, J. (2014). Applied Network Security Monitoring. Syngress. https://doi.org/10.1016/b978-0-12-417208-1.00001-5
