suricata – Page 5 – WindowsTechs.com

How can I leverage Moloch with Suricata?

Posted on August 27, 2018 by calk93

Moloch is being used to capture and store packets.
Is there a way to have Suricata just run on the packets that Moloch has stored rather than having Suricata also listening on the same wire?

Continue reading How can I leverage Moloch with Suricata?→

Virustotal detecting threats in Suricata rule set

Posted on August 27, 2018 by calk93

Virustotal scans are detecting threats from the Suricata default rule pack located https://rules.emergingthreats.net/open/suricata-4.0/

Is this a false positive?
https://www.virustotal.com/#/file/c20b744a3ca4d8fef3fa23633db7e94edd064d5ea… Continue reading Virustotal detecting threats in Suricata rule set→

How can I get Suricata to alert on 1 packet every time

Posted on July 11, 2018 by MikeSchem

I am trying to write a Suricata signature for testing purposes to alert every time it is triggered with a single PCAP file containing a single packet, but this is proving to be harder than I thought.

For instance, I have the following rul… Continue reading How can I get Suricata to alert on 1 packet every time→

Why doesn’t Suricata alert when I attack Metasploitable?

Posted on May 15, 2018 by inarighas

I am new to Suricata and Snort (school assignement), and I have a question regarding rules of Suricata. I was able to perform attacks on the Metasploitable 2 virtual machine (using the exploitability guide). Suricata succeeds… Continue reading Why doesn’t Suricata alert when I attack Metasploitable?→

Pulled Pork – Suricata & Snort Rule Management

Posted on November 28, 2016 by Darknet

Pulled Pork is a PERL based tool for Suricata and Snort rule management – it can determine your version of Snort and automatically download the latest rules for you. The name was chosen because simply speaking, it Pulls the rules. Using a regular crontab you can keep your Snort or Suricata rules up to date […]

The post Pulled Pork –…

Read the full post at darknet.org.uk

Continue reading Pulled Pork – Suricata & Snort Rule Management→

Scirius – Suricata Ruleset Management Web Application

Posted on October 7, 2016 by Darknet

Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. A Ruleset is made of components selected in different Sources. A Source is a set of files providing informatio… Continue reading Scirius – Suricata Ruleset Management Web Application→