Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jasonish/experimental-suricata-training
https://github.com/jasonish/experimental-suricata-training
Last synced: about 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/jasonish/experimental-suricata-training
- Owner: jasonish
- Created: 2022-07-11T23:01:20.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-08T05:40:37.000Z (9 months ago)
- Last Synced: 2024-08-02T07:12:30.779Z (4 months ago)
- Language: Shell
- Size: 24.1 MB
- Stars: 5
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-suricata - Experimental Suricata Training Environment - Experimental Suricata Training Environment. (Training)
README
# Experimental Suricata Training Environment
## Requirements
This training environment requires Docker and Docker compose. These can be
installed on Windows, Mac and Linux with Docker Desktop:
https://www.docker.com/products/personal/
If on Linux, Docker and Docker-Compose are likely available from your
package manager.
## Setup
First clone this git repository:
```
git clone https://github.com/jasonish/experimental-suricata-training
```
> **_NOTE:__ Depending on how you installed docker the command might
> be `docker-compose` or `docker compose`.
Then docker-compose up:
```
cd experimental-suricata-training
docker-compose up
```
To access the training environment CLI:
```
docker-compose exec suricata bash
```
To access EveBox for visual event display go to http://localhost:5636 with a
browser on your machine.
## Replaying a PCAP
To replay a PCAP first enter the training environment CLI (see above),
then run the following command:
```
./suri-replay-pcap.sh ../pcaps/purplefox-exploit-kit-with-powershell-payloads.pcap
```