
Suricata Rule Syntax Checking

Syntax checking identifies syntax errors and, perhaps more interestingly, also provides warnings about performance issues as well as hints to help the rule writer.

Suricata Rule Auto-Completion

The second key feature is auto-completion. This is performed using a direct link to the documentation, as you can see in this screenshot of a Neovim editor using SLS:

[Screenshot: Stamus Labs - Suricata Rule Auto-Completion]

Suricata Rule Performance Guidance

SLS also provides real-time performance guidance to the rule writer. It does so with feedback from the Suricata engine and with logic implemented in SLS itself. Performance guidance includes hints such as information about automatic Suricata fast pattern selection and warnings about potentially serious performance issues caused by a rule that only has a PCRE regular expression.
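A sketch of the PCRE-only warning described above, as an added example that is not SLS's own code: it splits each rule's options and flags rules that use `pcre` with no `content` match. The rules, sids, and function names are constructed for illustration.

```python
import re

# Constructed sample rules for illustration; sids are placeholders.
RULES = [
    r'alert http any any -> any any (msg:"constructed: pcre only"; '
    r'pcre:"/\/admin\/[a-z]+\.php\;jsessionid=/U"; sid:1000001; rev:1;)',
    r'alert http any any -> any any (msg:"constructed: content then pcre"; '
    r'http.uri; content:"/admin/"; pcre:"/\/admin\/[a-z]+\.php/"; sid:1000002; rev:1;)',
    r'alert tcp any any -> any 22 (msg:"constructed: content only"; '
    r'content:"SSH-"; depth:4; sid:1000003; rev:1;)',
]


def parse_options(rule):
    """Return the rule's options as a list of (keyword, value) pairs."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end <= start:
        raise ValueError("rule has no option block")
    options = []
    # Options end at ';'. A literal ';' inside a value is written '\;',
    # so split only on semicolons that are not preceded by a backslash.
    for part in re.split(r"(?<!\\);", rule[start + 1:end]):
        part = part.strip()
        if part:
            keyword, _, value = part.partition(":")
            options.append((keyword.strip().lower(), value.strip()))
    return options


def pcre_only(rule):
    """True when the rule has a pcre option but no content option."""
    keywords = [k for k, _ in parse_options(rule)]
    # Without any content there is no pattern for the multi-pattern
    # prefilter, so the regex runs on all traffic the header matches.
    return "pcre" in keywords and "content" not in keywords


def lint_rules(rules):
    """Return (sid, warning) pairs for rules that rely on pcre alone."""
    findings = []
    for rule in rules:
        if pcre_only(rule):
            sid = dict(parse_options(rule)).get("sid", "unknown")
            findings.append((sid, "pcre without content: no fast pattern"))
    return findings


if __name__ == "__main__":
    for sid, warning in lint_rules(RULES):
        print(f"sid {sid}: {warning}")
```
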

Join the Community Discussion

Have questions or comments about the Suricata Language Server (SLS) project?

Interested in contributing to the code or knowledge base?

Open your pull request on the project's GitHub repository.

Or join the discussion on our Discord server.
