Stamus Labs | Jupyter Playbooks for Suricata

What are Jupyter Playbooks for Suricata?

An open source project developed and supported by Stamus Networks, the Jupyter Playbooks for Suricata are a set of Jupyter notebooks for analyzing Suricata logs.

A Jupyter Notebook is a web-based interactive computing platform. At its core, it is a python-based interactive development environment (IDE), however it is commonly used for data science.

For the network security analyst, Jupyter Notebooks are a powerful platform for exploring Suricata EVE data.

Using Jupyter with Suricata

Stamus Labs has developed specialized Jupyter Playbooks for Suricata to interact with Stamus Community Edition (Stamus CE) and SELKS for threat hunting and data exploration. Suricata users, especially ones using SELKS, can use the playbooks to explore Suricata EVE JSON logs and extract useful insights from EVE NSM data

Example use cases include:

Update Suricata rules
Interact with Suricata for threat hunting and data exploration
Statistical analysis on event_type records
Suricata for IP Investigation
Parse PCAPs with Suricata

Additional Resources

Jupyter Playbooks for Suricata - Part 1

Jupyter Playbooks for Suricata - Part 2

Jupyter Playbooks for Suricata - Part 3

ABOUT STAMUS NETWORKS

Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response.

Jupyter Playbooks for Suricata

What are Jupyter Playbooks for Suricata?

Jupyter Playbooks for Suricata.

Using Jupyter with Suricata

Join the Community Discussion

Have questions or comments about the Jupyter Playbooks project?

Interested in contributing to the code or knowledge base?

Open your pull request on the project's GitHub repository.

Or join the discussion on our Discord server.

Additional Resources

Jupyter Playbooks for Suricata - Part 1

Jupyter Playbooks for Suricata - Part 2

Jupyter Playbooks for Suricata - Part 3

Jupyter Playbooks for Suricata

What are Jupyter Playbooks for Suricata?

Jupyter Playbooks for Suricata.

Using Jupyter with Suricata

Join the Community Discussion

Have questions or comments about the Jupyter Playbooks project?

Interested in contributing to the code or knowledge base?Open your pull request on the project's GitHub repository.

Or join the discussion on our Discord server.

Additional Resources

Jupyter Playbooks for Suricata - Part 1

Jupyter Playbooks for Suricata - Part 2

Jupyter Playbooks for Suricata - Part 3

Interested in contributing to the code or knowledge base?

Open your pull request on the project's GitHub repository.