Using jq for Suricata Log Parsing

preview_player
Показать описание

Suricata is a high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. Open source and owned by a community-run, non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors, and the community.

Corey Thomas is OISF's QA automation Engineer. He's always finding ways to consistently reproduce problems and performance changes. He's helped build and automate OISF’s hardware QA lab and integrate with Github PRs. He has been an Open Source contributor and IT professional for over a dozen years, making the world a safer place, one bug at a time.

Forum announcement:

Presentation Slides:

Cheat sheet:

Suricata-verify test with multi eve files:
  1. OISF-Suricata
  2. suricata
  3. intrusion detetion
  4. intrusion prevention
  5. jq
  6. json
Рекомендации по теме
Using jq for 0:51:38

Using jq for Suricata Log Parsing

Google Cybersec Lab 0:17:27

Google Cybersec Lab Project; Examine Alerts, logs, and rules with Suricata in Linux

Dive into Zeek: 0:09:17

Dive into Zeek: Enhanced Security with Suricata

Cybersecurity Tool: How 0:12:49

Cybersecurity Tool: How To Install an IDS (Suricata)

Examine alerts, logs, 0:19:34

Examine alerts, logs, and rules with Suricata

Investigating NullMixer Network 0:16:57

Investigating NullMixer Network Traffic: IDS Rules from Suricata and Evebox

Use JQ to 0:21:41

Use JQ to play with JSON on command line

Activity: Explore signatures 0:07:36

Activity: Explore signatures and logs with Suricata

Intrusion Detection with 0:52:16

Intrusion Detection with Suricata | Blue Team Series with Hackersploit

Security Onion Conference 0:57:40

Security Onion Conference 2021 - Hunting Malware with Suricata Metadata by Josh Stroschein

Installing and Configuring 0:13:54

Installing and Configuring Suricata in REMnux

How to Install 0:51:57

How to Install & Configure Suricata IDS/IPS on Ubuntu

Installing & Configuring 0:27:16

Installing & Configuring Suricata

Log4Shell Case Study: 0:39:41

Log4Shell Case Study: Using Suricata for Incident Response

How-To: Configuring Arkime 0:11:08

How-To: Configuring Arkime with Suricata

KringleCon 2019 - 0:10:24

KringleCon 2019 - 12/12 - Zeek Analysis Terminal & Weather Data Filtering

vZW20 - Day 0:17:58

vZW20 - Day 2 -Going Beyond Alerts - Maximizing Network Defense with Suricata 6.0 - Josh Stroschein

Installing Suricata and 0:13:20

Installing Suricata and Filebeat on Centos and Shipping Suricata Logs to Elastic SIEM

Open-Source Security: Analyzing 1:09:13

Open-Source Security: Analyzing Network Traffic with Suricata

👿 Malware Mondays 1:06:25

👿 Malware Mondays Episode 06 - Analyzing Malicious Network Traffic with Suricata

ZeekWeek 2022 - 0:27:10

ZeekWeek 2022 - Filtering Logs Like a Pro - Justin Azoff

How-To: Installing EveBox 0:17:39

How-To: Installing EveBox for Managing Events and Alerts from Suricata

Threat Hunting Tutorial- 0:33:47

Threat Hunting Tutorial- Day 7, Hunt on Network Logs, PCAP

Adding new rule 0:58:04

Adding new rule keywords to Suricata: Live coding session