Suricata IDS is published in different formats, among the standard ones are the pre-compiled binaries as RPM or DEB packages. Those packages offer an easy way to install/upgrade Suricata and are configured for the most common use-cases, for that, some of the features that you might want to use are disabled in these packages, and […]
Building a Custom Suricata DEB Package Read More »
Continuing with our previous posts describing why & how to alert on Indicators of Compromise with Suricata IDS using the Dataset feature, in this post, we will describe, how to alert on malicious files observed in the network. For that, we will use a list of Malware hashes obtained from abuse.ch ThreaFox API, But first,
Configuring Suricata IDS to alert on Malicious Files Hashes Read More »
In our previous post, we talked about Why you should use Suricata IDS to alert on IOCs, Suricata has a relatively new feature called Datasets, that allows you to alert on a Indicators of Compromise (IOCs), such as malicious domains and IPs. This feature works in a very simple way, you need to create a
Alerting on IOCs using Suricata Read More »
Summary In this post, I will explain why you should utilize Suricata IDS to alert on Network-Based Indicators of Compromise (IOCs), what are the traditional approach and its limitations, How Suricata will differ & what advantages you will get. Introduction Traditionally, SOC Operators used network Indicators of Compromise (IOCs) (eg: domains, IP…etc.) to detect malicious
Why you should use Suricata IDS to alert on IOCs Read More »
