VIDEO
HIGHLIGHT
Log InSign up
01: What’s the quickest way to install Suricata in Ubuntu? Let’s explore the OISF PPA
SummaryTranscriptChat

01: What’s the quickest way to install Suricata in Ubuntu? Let’s explore the OISF PPA

Introduction to Suricata

Overview of Suricata

  • Suricata is a high-performance open-source network analysis and threat detection software used globally.
  • It produces high-fidelity network alerts along with various critical network protocol file transaction and flow data in an industry-standard JSON format for easy integration into popular SIEMs.

Installing Suricata on Ubuntu

Installation Process

  • The video will guide viewers through installing Suricata on Ubuntu using the OISF maintained Personal Package Archive (PPA).
  • Using the OISF PPA ensures access to the latest stable version of Suricata, avoiding older releases.

Community Engagement

  • Viewers are encouraged to like, subscribe, and engage in comments; they can also join the community forum for support and questions regarding Suricata.

Quick Installation Steps

Simplified Installation Path

  • The focus is on the easiest installation path using binary packages rather than building from source or advanced methods.
  • The default version available in Ubuntu may be older than the latest stable version from OISF; as of this recording, it’s version 6.0.4 compared to 7.0.3.

Preparing for Installation

Required Commands

  • Three commands must be executed before installing Suricata:
  • Install software prerequisites.
  • Add the OISF maintained PPA.
  • Update package references.

Access Requirements

  • Root privileges are required to run these commands, so users should ensure they have appropriate access.

Finalizing Installation

Executing Installation Commands

  • After preparing the system, users can install Suricata quickly; once completed, running suricata -v will confirm the installed version .

Configuring Network Interfaces

Initial Configuration Steps

  • To capture traffic, users need to configure their network interface correctly by editing /etc/suricata/suricata.yaml.
  • Users should change the default interface name from eth0 to match their primary network interface (e.g., ens33).

Starting and Monitoring Services

Service Management

  • After configuration changes, use systemctl to start or restart the Suricata service; checking its status ensures it is active and running.

Logging Information

  • Log information can be found at /var/log/suricata.json, which records live network traffic captures as well as PCAP files.

Next Steps After Installation

Future Content Preview

Playlists: Course: Getting Started with Suricata
Video description

Suricata is a high-performance, open-source network analysis, and threat detection software used around the globe. Suricata not only produces high-fidelity network alerts, but also a wide variety of other critical network protocol, file transaction, and flow data, all in an industry-standard JSON format for easy ingestion into many popular SIEMS - but what’s the quickest way to get started? In this video, we’ll explore installing Suricata in a few simple commands using the OISF maintained personal package archives, or PPA, for Ubuntu. If you’re looking for a video detailing installation on Ubuntu - I’ll make sure to add a link in the description. Links: - Installation: https://docs.suricata.io/en/latest/install.html#install-binary-packages