a Cheat Sheet for Suricata Users
This cheat sheet contains tips and tricks to select, filter and get rapid results from Suricata using JQ - the JSON command-line processing tool - by parsing standard Suricata eve.json logs.
The commands covered in this cheat sheet are focused on the network security monitoring (NSM) data and protocol logs such as SMB, Anomaly, HTTP, DNS, TLS, Flow and others.
Download this cheat sheet as a quick reference guide to the JQ commands used to query Suricata NSM data.
ABOUT STAMUS NETWORKS
Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response.
© 2014-2024 Stamus Networks, Inc. All rights Reserved.