<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Suricata Rule Syntax Checking

The syntax checking identifies syntax errors and – maybe even more interesting – it also provides warnings about performance issues as well as hints to help the rules writer.


Stamus Labs - Suricata Rule Syntax Checking

Suricata Rule Auto-Completion

The second key feature is auto-completion. This is performed using a direct link to the documentation as you can see in this screenshot of a Neovim editor using SLS:


Stamus Labs - Suricata Rule Auto-Completion

Suricata Rule Performance Guidance

SLS also provides real-time performance guidance to the rule writer. It does so with feedback from the Suricata engine and with logic implemented in SLS itself. Performance guidance includes hints such as information about automatic Suricata fast pattern selection and warnings about potential serious performance issues caused by a rule that only has a PCRE regular expression.


Stamus Labs - Suricata Rule Performance Guidance

Join the Community Discussion

Have questions or comments about the Suricata Language Server (SLS) project?

Interested in contributing to the code or knowledge base?


Open your pull request on the project's GitHub repository.

Or join the discussion on our Discord server.

Go to SLS Project on GitHub
Join Stamus Labs on Discord

Additional Resources


Accelerate Suricata Rule Writing with Suricata Language Server (v0.9.0 now available)

Read More

Security Analyst's Guide to Suricata


Intro to Suricata Language Server: Real-time Rule Syntax Checking and Auto-completion

Read More