Light

stamusnetworks / suricata-4-analysts Goto Github PK

View Code? Open in Web Editor NEW

45.0 6.0 9.0 11.78 MB

The Security Analyst’s Guide to Suricata

License: Creative Commons Attribution Share Alike 4.0 International

Makefile 7.96% Batchfile 9.96% Python 72.89% TeX 9.19%

suricata-4-analysts's Introduction

The Security Analyst’s Guide to Suricata

Introduction

Stamus Networks is pleased to offer the first ‘open source’ Suricata-focused book, The Security Analyst’s Guide to Suricata. Written by the founders of Stamus Networks, Éric Leblond and Peter Manev, this project provides SOC analysts and threat hunters with information on entry points and in-depth coverage for the most important Suricata features.

The book is not to act as a replacement for the Suricata manual, which is a valuable source of information and should be used as a reference tool by Suricata users. Instead, its unique ‘open source’ format will grow and evolve over time with ongoing input from Éric and Peter as well as contributions and feedback from the Suricata community.

Contribution

We are listing the code/text for the book here, but you can also find the latest published version of the book at Stamus Networks. We welcome contributions to the book and you can propose updates and provide feedback on this Github. If you want to contribute a specific topic, please check existing issues and, if needed, open one describing your addition so we can tell you if it is inline with the content we project on the book and has a chance to be accepted.

suricata-4-analysts's People

Contributors

Stargazers

Watchers

Forkers

gellanyhassan0 mavam wenhao-in-chengdu willie-lin 5l1v3r1 myhkho sphill007 jufajardini dallonrobinette

suricata-4-analysts's Issues

help / not covered in the book

not an issue, just an attempt to get help.

I'm trying everything I can to keep DoH / DoT / DoQ out of my network.

I've already published several methods to achieve this, my manual here, my suricata rules here, daily updated.

Now looking into the data, returned by an SVCB DNS query.
initial discussion (pi-hole forum) here
question on the suricata forum here

TLDR; My opinion, SVCB data can be used by “rogue” applications to bypass the system configured DNS server, therefore, I would like to add a suricata rule that blocks SVCB (type 64) DNS queries.

The question, given wireshark is able to identify type 64 queries, how would suricata be able to block / reject these DNS queries

Thanks for your time and effort.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.