
Suricata User Guide (translation of the Suricata User Guide)

by Joe! 2019. 8. 29.

Suricata User Guide

  • 1. What is Suricata
    • 1.1. About the Open Information Security Foundation
  • 2. Installation
    • 2.1. Source
    • 2.2. Binary packages
    • 2.3. Advanced Installation
  • 3. Command Line Options
    • 3.1. Unit Tests
  • 4. Suricata Ruleset
    • 4.1. Rules Format
    • 4.2. Meta Keywords
    • 4.3. IP Keywords
    • 4.4. TCP keywords
    • 4.5. ICMP keywords
    • 4.6. Payload Keywords
    • 4.7. Transformations
    • 4.8. Prefiltering Keywords
    • 4.9. Flow Keywords
    • 4.10. Bypass Keyword
    • 4.11. HTTP Keywords
    • 4.12. File Keywords
    • 4.13. DNS Keywords
    • 4.14. SSL/TLS Keywords
    • 4.15. SSH Keywords
    • 4.16. JA3 Keywords
    • 4.17. Modbus Keyword
    • 4.18. DNP3 Keywords
    • 4.19. ENIP/CIP Keywords
    • 4.20. FTP/FTP-DATA Keywords
    • 4.21. Kerberos Keywords
    • 4.22. Generic App Layer Keywords
    • 4.23. Xbits Keyword
    • 4.24. Thresholding Keywords
    • 4.25. IP Reputation Keyword
    • 4.26. Lua Scripting
    • 4.27. Differences From Snort
  • 5. Rule Management
    • 5.1. Rule Management with Suricata-Update
    • 5.2. Rule Management with Oinkmaster
    • 5.3. Adding Your Own Rules
    • 5.4. Rule Reloads
  • 6. Making sense out of Alerts
  • 7. Performance
    • 7.1. Runmodes
    • 7.2. Packet Capture
    • 7.3. Tuning Considerations
    • 7.4. Hyperscan
    • 7.5. High Performance Configuration
    • 7.6. Statistics
    • 7.7. Ignoring Traffic
    • 7.8. Packet Profiling
    • 7.9. Rule Profiling
    • 7.10. Tcmalloc
  • 8. Configuration
    • 8.1. Suricata.yaml
    • 8.2. Global-Thresholds
    • 8.3. Snort.conf to Suricata.yaml
    • 8.4. Multi Tenancy
    • 8.5. Dropping Privileges After Startup
  • 9. Reputation
    • 9.1. IP Reputation
  • 10. Init Scripts
  • 11. Setting up IPS/inline for Linux
    • 11.1. Iptables configuration
  • 12. Setting up IPS/inline for Windows
  • 13. Output
    • 13.1. EVE
    • 13.2. Lua Output
    • 13.3. Syslog Alerting Compatibility
    • 13.4. Custom http logging
    • 13.5. Custom tls logging
    • 13.6. Log Rotation
  • 14. Lua support
    • 14.1. Lua usage in Suricata
    • 14.2. Lua functions
  • 15. File Extraction
    • 15.1. Architecture
    • 15.2. Settings
    • 15.3. Output
    • 15.4. Rules
    • 15.5. MD5
  • 16. Public Data Sets
  • 17. Using Capture Hardware
    • 17.1. Endace DAG
    • 17.2. Napatech Suricata Installation Guide
    • 17.3. Myricom
    • 17.4. eBPF and XDP
  • 18. Interacting via Unix Socket
    • 18.1. Introduction
    • 18.2. Commands in standard running mode
    • 18.3. Commands on the cmd prompt
    • 18.4. Pcap processing mode
    • 18.5. Build your own client
  • 19. Man Pages
    • 19.1. Suricata
  • 20. Acknowledgements
  • 21. Licenses
    • 21.1. GNU General Public License
    • 21.2. Creative Commons Attribution-NonCommercial 4.0 International Public License
    • 21.3. Suricata Source Code
    • 21.4. Suricata Documentation

 


I am translating the Suricata User Guide (based on version 4.1.4) for my own study.

If anything is wrong, I would appreciate your advice.

Original URL:

https://suricata.readthedocs.io/en/suricata-4.1.4/

 

Suricata User Guide — Suricata 4.1.0-dev documentation

© Copyright 2016, OISF Revision 14c2b6e4.

suricata.readthedocs.io


 
