Hello frens!

I’m unbelievably excited to be FINALLY bringing you this topic. Suricata is THE SINGLE GREATEST open source software for cybersecurity and I’ll argue that to the grave. This will be the first of many posts explaining how to use Suricata to make a simple NDR. The truth is that to create the multimillion dollar NDR that I made, it would be more harm than good for those learning to try and get a job, so we’ll hit all the major parts - enough to be efficient with your time studying but enough knowledge to really knock it out of the park in an interview.

With all that being said, let’s dive in.

What is SURICATA?

It’s an Intrusion Detection System - a program that analyzes network traffic to look for traffic that is malicious or suspicious.

Why do we want an IDS? It’s a legitimate question for the aspiring Hoodie.

Why can’t we just look at PCAP files?