apk add suricata # suricata-openrc
check the version you would get from the main repo
apt search suricata
versus the version you would get from the official repo
apt install software-properties-common dirmngr add-apt-repository ppa:oisf/suricata-stable ENTER apt search suricata
use official repo
apt install software-properties-common add-apt-repository ppa:oisf/suricata-stable ENTER apt install suricata
see suricata-source
enable all free-of-charge community rules
suricata-update update-sources
suricata-update list-sources
suricata-update list-enabled-sources
# MIT & GPL
for source in \
et/open \
oisf/trafficid \
etnetera/aggressive \
tgreen/hunting \
malsilo/win-malware \
stamus/lateral \
; do
suricata-update enable-source $source
done; unset source
# Non-Commercial
for source in \
sslbl/ssl-fp-blacklist \
sslbl/ja3-fingerprints \
; do
suricata-update enable-source $source
done; unset source
those are gone?
ptresearch/attackdetection \
apply
suricata-update
suricata --build-info | grep -i geoip
get rid of a whole ruleset source
#suricata-update disable-source sslbl/ja3-fingerprints
https://nsrc.org/workshops/2015/pacnog17-ws/attachments/ex-installing-suricata.htm
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Debian_Installation
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation
http://ppa.launchpad.net/oisf/suricata-stable/ubuntu/pool/main/s/suricata/
https://docs.suricata.io/en/latest/install.html#debian
https://docs.suricata.io/en/latest/install.html#ubuntu-from-personal-package-archives-ppa
https://computingforgeeks.com/how-to-install-suricata-ids-ips-on-debian/