Suricata用户手册

• 1. 什么是Suricata
  • 1.1. 关于开放信息安全基金会
• 2. 安装
  • 2.1. 源码方式
  • 2.2. 二进制包
  • 2.3. 高级安装
• 3. 命令行选项
  • 3.1. 单元测试
• 4. Suricata规则
  • 4.1. 规则格式
  • 4.2. 元关键字
  • 4.3. IP关键字
  • 4.4. TCP关键字
  • 4.5. ICMP关键字
  • 4.6. Payload关键字
  • 4.7. 预过滤关键字
  • 4.8. 流关键字
  • 4.9. HTTP关键字
  • 4.10. File Keywords
  • 4.11. DNS Keywords
  • 4.12. SSL/TLS Keywords
  • 4.13. JA3 Keywords
  • 4.14. Modbus Keyword
  • 4.15. DNP3 Keywords
  • 4.16. ENIP/CIP Keywords
  • 4.17. FTP/FTP-DATA Keywords
  • 4.18. Kerberos Keywords
  • 4.19. Generic App Layer Keywords
  • 4.20. Xbits Keyword
  • 4.21. Thresholding Keywords
  • 4.22. IP Reputation Keyword
  • 4.23. Lua Scripting
  • 4.24. Differences From Snort
• 5. Rule Management
  • 5.1. Rule Management with Suricata-Update
  • 5.2. Rule Management with Oinkmaster
  • 5.3. Adding Your Own Rules
  • 5.4. Rule Reloads
• 6. Making sense out of Alerts
• 7. Performance
  • 7.1. Runmodes
  • 7.2. Packet Capture
  • 7.3. Tuning Considerations
  • 7.4. Hyperscan
  • 7.5. High Performance Configuration
  • 7.6. Statistics
  • 7.7. Ignoring Traffic
  • 7.8. Packet Profiling
  • 7.9. Rule Profiling
  • 7.10. Tcmalloc
• 8. Configuration
  • 8.1. Suricata.yaml
  • 8.2. Global-Thresholds
  • 8.3. Snort.conf to Suricata.yaml
  • 8.4. Multi Tenancy
  • 8.5. Dropping Privileges After Startup
• 9. Reputation
  • 9.1. IP Reputation
• 10. Init Scripts
• 11. Setting up IPS/inline for Linux
  • 11.1. Iptables configuration
• 12. Setting up IPS/inline for Windows
• 13. 输出
  • 13.1. EVE
  • 13.2. Lua Output
  • 13.3. Syslog Alerting Compatibility
  • 13.4. Custom http logging
  • 13.5. Custom tls logging
  • 13.6. Log Rotation
• 14. Lua support
  • 14.1. Lua usage in Suricata
  • 14.2. Lua functions
• 15. File Extraction
  • 15.1. Architecture
  • 15.2. Settings
  • 15.3. Output
  • 15.4. Rules
  • 15.5. MD5
• 16. Public Data Sets
• 17. Using Capture Hardware
  • 17.1. Endace DAG
  • 17.2. Napatech Suricata Installation Guide
  • 17.3. Myricom
  • 17.4. eBPF and XDP
• 18. Interacting via Unix Socket
  • 18.1. Introduction
  • 18.2. Commands in standard running mode
  • 18.3. Commands on the cmd prompt
  • 18.4. Pcap processing mode
  • 18.5. Build your own client
• 19. Man Pages
  • 19.1. Suricata
• 20. Acknowledgements
• 21. Licenses
  • 21.1. GNU General Public License
  • 21.2. Creative Commons Attribution-NonCommercial 4.0 International Public License
  • 21.3. Suricata Source Code
  • 21.4. Suricata Documentation