Practical Suricata

Follow these commands step by step:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update
sudo apt-get install suricata

Suricata is installed directly from the package. Use the GitHub repo testmynids.org to generate malicious traffic inside the network and watch the alerts, or follow the next steps for some adventure: adding custom rules and basic testing methods.

Generating custom rules in Suricata

ARP request alerts: Open the suricata.rules file, where we will add the rule:

sudo vim /var/lib/suricata/rules/suricata.rules

Note that suricata-update regenerates this file, so a rule added here disappears on the next update; for anything you want to keep, put it in a separate local rules file and list that file in suricata.yaml. Add the following rule at your desired location inside the file:

alert arp any any -> any any (msg:"LOCAL Testnet ARP Scanning Detected"; threshold: type both, track by_src, count 15, seconds 5; sid:1000002; rev:1;)

Command debrief: "If any device sends 15 or more ARP packets within 5 seconds, generate alert 1000002." Because the threshold type is both, the alert fires once per 5-second window per source, not once per packet: the first 14 packets are silent, the 15th raises the alert, and further packets in the same window are suppressed. The arp protocol keyword needs a recent Suricata (8.0 or later); after saving, run Suricata in test mode (-T) against your suricata.yaml to confirm the rule set still loads before restarting the service. ...
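The threshold semantics from the debrief, as an added Python example that is not code from the original post: it replays constructed ARP events through a per-source counter that models Suricata's three threshold types (limit, threshold, both) with track by_src, count 15, seconds 5, so the difference between "alert once per window" and "alert on every 15th packet" is visible. The MAC addresses, traffic pattern and counter logic are constructed for illustration and approximate Suricata's behaviour rather than reusing its implementation.

```python
"""Simulate Suricata 'threshold' rule semantics over constructed ARP events.

Added example, not code from the original post. It models the rule

    threshold: type both, track by_src, count 15, seconds 5

and, for comparison, the 'limit' and 'threshold' types, using a per-source
counter that restarts when the time window expires (an approximation of
Suricata's logic, not its actual implementation).
"""
from dataclasses import dataclass


@dataclass
class _SrcState:
    start: float   # timestamp of the first packet in the current window
    count: int     # packets seen from this source in the current window


class Threshold:
    """One threshold clause, tracked by source address."""

    def __init__(self, kind: str, count: int, seconds: float) -> None:
        if kind not in ("limit", "threshold", "both"):
            raise ValueError(f"unknown threshold type: {kind}")
        self.kind, self.count, self.seconds = kind, count, seconds
        self._state: dict[str, _SrcState] = {}

    def feed(self, ts: float, src: str) -> bool:
        """Record one matching packet; return True if it should raise an alert."""
        st = self._state.get(src)
        if st is None or ts - st.start >= self.seconds:
            st = _SrcState(start=ts, count=0)   # window expired: start a new one
            self._state[src] = st
        st.count += 1
        if self.kind == "limit":        # alert on the first N per window
            return st.count <= self.count
        if self.kind == "threshold":    # alert on every Nth per window
            return st.count % self.count == 0
        return st.count == self.count   # both: once per window, at the Nth


# Constructed sample traffic (hypothetical MACs, not captured data).
SCANNER = "aa:bb:cc:00:00:01"     # bursts of ARP requests, like a subnet sweep
QUIET_HOST = "aa:bb:cc:00:00:02"  # one ARP request every two seconds


def constructed_events() -> list[tuple[float, str]]:
    """Two 35-packet bursts from the scanner, 10 s apart, plus background ARP."""
    events = []
    for burst_start in (0, 100):              # timestamps in tenths of a second
        for i in range(35):                   # 35 requests within 3.4 s
            events.append(((burst_start + i) / 10, SCANNER))
    for k in range(10):
        events.append((0.5 + 2 * k, QUIET_HOST))
    return sorted(events)


def alerts_for(kind: str, count: int = 15, seconds: float = 5) -> list[tuple[float, str]]:
    """Replay the sample events through one threshold and collect the alerts."""
    thr = Threshold(kind, count, seconds)
    return [(ts, src) for ts, src in constructed_events() if thr.feed(ts, src)]


if __name__ == "__main__":
    for kind in ("both", "threshold", "limit"):
        fired = alerts_for(kind)
        tail = " ..." if len(fired) > 3 else ""
        print(f"type {kind:9s}: {len(fired):2d} alert(s) {fired[:3]}{tail}")
```

With type both the scanner produces exactly one alert per burst (at its 15th packet) and the quiet host none, which is the behaviour the rule wants; type threshold would add a second alert at the 30th packet of each burst, and type limit would alert on every packet from the quiet host as well, flooding the log with normal traffic.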

October 12, 2025 · 2 min · 390 words · 0x-s0M3n4th