Key points a reader can take from their work:
- How Suricata can be used to gain deep insight into Windows host activity from the wire alone, without endpoint agents or access to host logs
- How to use modern Suricata for more than signature-based detection: it can simultaneously produce protocol and file transaction logs and flow records, and extract PCAPs and files, either independently of IDS alerts or fully correlated with them
- How to write powerful Suricata signatures whose performance is predictable
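The second point above maps directly onto Suricata's `outputs` section. The fragment below is an added illustration, not a configuration from the book or the Suricata project; the file names and store directory are assumed, and the option names are those of a Suricata 6.x `suricata.yaml`. It enables transaction logs for the Windows-relevant protocols, flow records, file extraction for every transferred file, and PCAP capture that is either unconditional or limited to flows that raised an alert.

```yaml
# Added illustration (not from the book): one suricata.yaml outputs section
# that produces the artefacts listed above at once. File names and the store
# directory are assumed; adjust them to your deployment.
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json          # assumed; relative to default-log-dir
      types:
        - alert:
            tagged-packets: yes   # also log packets tagged by rules using "tag"
        - http:
            extended: yes
        - dns
        - tls:
            extended: yes
        - smb                     # file-share and named-pipe activity seen on the wire
        - krb5                    # Kerberos authentication exchanges
        - dcerpc                  # RPC calls carried over SMB or TCP
        - files:
            force-magic: yes      # libmagic type for every file transaction (needs libmagic)
        - flow                    # one record per bidirectional flow, alert or not
  - file-store:
      version: 2
      enabled: yes
      dir: filestore              # assumed; files are stored by SHA-256 under this directory
      force-filestore: yes        # extract every file, not only those a rule marks with filestore
  - pcap-log:
      enabled: yes
      filename: log.pcap          # assumed
      limit: 1000mb
      max-files: 2000
      mode: normal
      conditional: all            # all   = full capture, independent of alerts
                                  # alerts = only packets from flows that produced an alert
```

With `conditional: all` the PCAP and the EVE records are produced side by side and can be joined on the flow's 5-tuple and `flow_id`; switching to `conditional: alerts` keeps only the traffic behind each alert, which is the "fully correlated" mode the point above refers to.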
The Security Analyst’s Guide to Suricata is not meant to replace the user guide; it was written to offer additional support to the security practitioner. The authors have taken an open-source approach to developing the content, making it a living work that will grow and evolve over time with ongoing input from the authors as well as contributions and feedback from the Suricata community.