Suricata rule management

Published 2023-04-20 14:30:50 Author: 凉城旧巷


1. suricata-update

suricata-update is the officially recommended way to manage and update rule sets.


2. Writing rules

Reference: https://www.cnblogs.com/linagcheng/p/12559922.html#三规则分析


3. Reloading rules

suricatasc -c reload-rules


4. Writing test rules

# Rule examples
# sid added to the first and third rule: every Suricata rule needs a unique sid, and 1000000 and above is the local range
alert tcp any any -> any any (msg:"hello"; content:"hello"; sid:1000001; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"MySQL Login Attack"; sid:11619; gid:3; rev:6; classtype:attempted-admin; reference:cve,2006-1518; metadata: engine shared, soid 3|11619, service mysql;)

alert tcp any any -> 192.168.71.7 any (msg:"TEST TRAFFIC"; sid:1000002; rev:1;)
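As an added example (not from the original post), a small Python linter to run over a rule file before `reload-rules`: it parses each rule's header and option list and reports rules without a msg or sid, and rules that reuse a sid. The sample rule set is the three rules from this post as written, before sids were added; the regexes and the required-keyword list are my own, not Suricata's parser.

```python
"""Rule-file linter (added example): flag rules Suricata would reject before reloading."""
import re

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# One option: keyword, optionally ':' and a quoted or unquoted value, then ';'
OPTION_RE = re.compile(r'\s*([a-zA-Z_\-.]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_options(opts: str) -> dict:
    """Return {keyword: value}; quotes are stripped, repeated keywords keep the last value."""
    return {m.group(1): (m.group(2) or "").strip().strip('"') for m in OPTION_RE.finditer(opts)}

def lint_rules(text: str) -> list:
    """Return (line_number, problem) pairs; an empty list means the file is clean."""
    problems, seen_sids = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            problems.append((lineno, "malformed rule header"))
            continue
        opts = parse_options(m.group("opts"))
        if "msg" not in opts:
            problems.append((lineno, "missing msg"))
        sid = opts.get("sid")
        if sid is None:
            problems.append((lineno, "missing sid (every rule needs a unique sid)"))
        elif not sid.isdigit():
            problems.append((lineno, f"sid {sid!r} is not numeric"))
        elif sid in seen_sids:
            problems.append((lineno, f"duplicate sid {sid} (first seen on line {seen_sids[sid]})"))
        else:
            seen_sids[sid] = lineno
    return problems

# Constructed sample: the three rules from this post, one per line, before sids were added.
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"hello"; content:"hello";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"MySQL Login Attack"; sid:11619; gid:3; rev:6; classtype:attempted-admin; reference:cve,2006-1518; metadata: engine shared, soid 3|11619, service mysql;)
alert tcp any any -> 192.168.71.7 any  (msg:"TEST TRAFFIC";)
"""

if __name__ == "__main__":
    for lineno, problem in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {problem}")
```

Running it on the sample reports lines 1 and 3 as missing a sid; `suricata -T -S <file>` remains the authoritative check, since this linter does not know every keyword's syntax.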