<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

The first practical guide for unlocking the potential of Suricata

NEW: Release 2.0.0 - updated November 2023 with two new chapters

Introducing “The Security Analyst’s Guide to Suricata” – the first practical guide to threat detection and hunting using Suricata, the world’s most popular open-source network security engine, Suricata.

The idea for this book emerged after it became obvious to authors Éric Leblond and Peter Manev that many security practitioners using Suricata either struggle to effectively use the most powerful capabilities of the tool or simply don’t realize they exist. 

Written for security operations center (SOC) analysts and threat hunters who use Suricata to gain insights into what is taking place on their networks, the book provides vital information on entry points and in-depth analysis on the most important Suricata features.

Get your copy of "The Security Analyst's Guide to Suricata"

Complete the the form to the right, and you will immediately receive an email giving you access to both PDF and eReader versions of "The Security Analyst's Guide to Suricata."

 

Suri4Analysts_TabletPDF_M

 

"Living" book is developed as an open-source project

The book is structured as a loose collection of chapters, each focused on a single subject area, such as Suricata rule writing or TLS detection and threat hunting. 

All its content is developed and managed on a GitHub repository and is open to all who wish to comment or contribute ideas. Readers who are looking for a simple text edition may access all content there.

 

Of course, we also package the book in PDF and eReader format for those who prefer the ready-to-read editions of the book. We hope to offer a printed version soon.

The open-source format makes it a living book that will grow and evolve over time with ongoing input from the authors as well as contributions and feedback from the Suricata community. 

 

Visit GitHub Repo

Meet the Authors

Éric Leblond

Éric Leblond is the co-founder and chief technology officer (CTO) of Stamus Networks and a member of the board of directors at Open Network Security Foundation (OISF).  Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is also the lead developer of the Suricata Language Server, a real-time syntax checking and autocomplete app for Suricata rule writers. Eric is a well-respected expert and speaker on network security.

Peter Manev

Peter Manev is the co-founder and chief strategy officer (CSO) of Stamus Networks and a member of the executive team at Open Network Security Foundation (OISF).  Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is also the lead developer of SELKS, the popular turnkey open-source implementation of Suricata. Peter is a regular speaker and educator on open-source security, threat hunting, and network security.

What people are saying

Quote mark for testimonial

Suricata is the world’s most popular open-source network security engine for threat detection and hunting. This guide gives security analysts, educators, enterprises, and even hobbyists a powerful primer to help maximize the value of Suricata in their networks.

Matt Jonkman, founder and board member at OISF

Quote mark for testimonial

Widely known as a classic intrusion detection system (IDS), most security professionals don’t realize that Suricata can also simultaneously produce protocol and file transaction logs and flow records, and extract PCAPs and files – either independent of IDS alerts or fully-correlated with the IDS alerts. This data can provide vital information to analysts during incident investigation or threat hunting. This is just one example of the information that we uncover and explain in our book.

Peter Manev, CSO and co-founder of Stamus Networks

Quote mark for testimonial

Peter and Eric are two of the world’s leading authorities on Suricata, and have done an excellent job unlocking the true value of Suricata for the security analyst.

Matt Jonkman, founder and board member at OISF

Quote mark for testimonial

The idea for this book emerged after it became obvious to us that many security practitioners using Suricata either struggle to effectively use the most powerful capabilities of the tool or simply don’t realize they exist.

Éric Leblond, CTO and co-founder of Stamus Networks

Check out these additional Suricata-related resources

Below are a few of the many industry resources we have available. To see our complete set of resources, visit our resource library here >>

Scaling Suricata for Enterprise Deployment

Scaling Suricata for Enterprise Deployments

Download PDF
TP-Supercharge-Suricata-Library-Card

Supercharge Suricata Sensors with Clear NDR - Enterprise

Download PDF
Stamus_Suri_Cheat_JQNSM

Suricata Cheat Sheet: JQ Commands

Download PDF
IDS_PracticalGuide_ResourceLibrary

A Practical Guide for Migrating from your Legacy IDS/IPS

Download PDF

ABOUT STAMUS NETWORKS

Stamus Networks is the global leader in Suricata-based network security and the creator of the innovative Clear NDR™ system. Designed to close visibility gaps and reduce alert fatigue, Clear NDR transforms raw network traffic into actionable security insights with unmatched transparency, customization, and effectiveness. Trusted by leading financial institutions, government agencies, and participants in NATO’s largest cybersecurity exercises, Stamus Networks delivers proven, high-performance network detection and response solutions. Stamus empowers security teams – delivering clarity amidst complexity – with greater control, fewer false positives, faster response times, and a more responsive, open approach than legacy vendors.

Indianapolis, USA Paris, France

Privacy

© 2014-2025 Stamus Networks, Inc. All rights Reserved.