Tutorial Series

Securing Your Network with Suricata

By Jamon Camisso
Developer and author at DigitalOcean.

Introduction

Suricata is a flexible, high-performance Network Security Monitoring (NSM) tool that can detect and block attacks against your network.

This series will explore how to install Suricata on various operating systems, how to understand and write your own signatures to detect malicious or unknown traffic, and how to configure Suricata in both Intrusion Detection (IDS) and Intrusion Prevention (IPS) modes.

Once you have Suricata configured and running on your network, you’ll learn how to build your own Security Information and Event Management (SIEM) tool on top of the data that Suricata collects.


Series Tutorials

Tutorial

How To Install Suricata on Ubuntu 20.04

Updated on October 22, 2021

Suricata is a Network Security Monitoring (NSM) tool that uses sets of community-created and user-defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server.

Tutorial

How To Install Suricata on Debian 11

Published on October 30, 2021

Suricata is a Network Security Monitoring (NSM) tool that uses sets of community-created and user-defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic…

Tutorial

How To Install Suricata on Rocky Linux 8

Published on November 16, 2021

Suricata is a Network Security Monitoring (NSM) tool that uses sets of community-created and user-defined signatures (also referred to as rules) to examine and process network traffic. In this tutorial you will learn how to install Suricata, and how to customize some of its default settings on Rocky Linux 8 to suit your needs.

Tutorial

How To Install Suricata on CentOS 8 Stream

Published on January 25, 2022

Suricata is a Network Security Monitoring (NSM) tool that uses sets of community-created and user-defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic…

Tutorial

Understanding Suricata Signatures

Published on November 24, 2021

In this tutorial you’ll learn how Suricata signatures are structured, and some important options that are commonly used in most rules. Once you are familiar with the structure and fields of a signature, you’ll be able to write your own signatures and combine them with a firewall to alert you about most suspicious traffic to your servers, without needing to rely on external rulesets.

Tutorial

In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode. When you enable IPS mode, Suricata can actively drop suspicious network traffic in addition to generating alerts. Once you know which signatures you would like to use in IPS mode, you’ll convert their default action to drop or reject traffic. With your signatures in place, you’ll learn how to send network traffic through Suricata using the netfilter NFQUEUE iptables target.

Tutorial

In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Debian 11. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you enable…

Tutorial

In this tutorial you will learn how to configure Suricata’s built-in Intrusion Prevention System (IPS) mode on Rocky Linux 8. By default Suricata is configured to run as an Intrusion Detection System (IDS), which only generates alerts and logs suspicious traffic. When you…

Tutorial

The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore…

Tutorial

The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also…

Tutorial

The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore…

Tutorial

The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will…

Tutorial

In this final tutorial in the series, you will create custom Kibana rules and generate alerts within Kibana’s SIEM dashboards. Once you have rules in place and understand where and how to filter Suricata’s logs using Kibana, you’ll explore how to create and manage cases using Kibana’s timeline analysis tools.

By the end of this tutorial you will have a SIEM system that you can use to track and investigate security events across all of the servers in your network.
