Skip to main content
NCSS 2023

8 -10 APRIL 2025



National Cyber Security Show

21 Apr 2023

Stamus Networks Publishes “The Security Analyst’s Guide to Suricata”

Stamus Networks LLC Stand: 5/O18
New book is the first practical guide for unlocking the full potential of Suricata

Written for security operations center (SOC) analysts and threat hunters who use Suricata to gain insights into what is taking place on their networks, the book provides vital information on entry points and in-depth analysis on the most important Suricata features.

Authors Peter Manev and Éric Leblond have been active contributors to the Suricata project for more than 10 years. And they both hold leadership positions in the organization that governs Suricata development, the Open Information Security Foundation (OISF). The pair founded Stamus Networks in 2014, a company that embeds Suricata in their commercial network detection and response (NDR) solutions to help enterprise security teams protect their organizations using their networks. 

“Peter and Eric are two of the world’s leading authorities on Suricata and have done an excellent job unlocking the true value of Suricata for the security analyst,” said Matt Jonkman, founder and board member at OISF. “Suricata is the world’s most popular open-source network security engine for threat detection and hunting. This guide gives security analysts, educators, enterprises, and even hobbyists a powerful primer to help maximize the value of Suricata in their networks.”

The “Security Analyst’s Guide to Suricata” is not meant to replace the user guide but was written to offer additional support for the security practitioner. The authors have taken an open-source approach to developing the content, making it a living work that will grow and evolve over time with ongoing input from the authors as well as contributions and feedback from the Suricata community. The open source content is hosted on a GitHub repository while PDF and eReader versions are available on the Stamus Networks website, here:

“The idea for this book emerged after it became obvious to us that many security practitioners using Suricata either struggle to effectively use the most powerful capabilities of the tool or simply don’t realize they exist,” said Éric Leblond, CTO and co-founder of Stamus Networks.

“Widely known as a classic intrusion detection system (IDS), most security professionals don’t realize that Suricata can also simultaneously produce protocol and file transaction logs and flow records, and extract PCAPs and files – either independent of IDS alerts or fully-correlated with the IDS alerts. This data can provide vital information to analysts during incident investigation or threat hunting,” added Peter Manev, CSO and co-founder of Stamus Networks. “This is just one example of the information that we uncover and explain in our book,” he concluded. 

View all News

The Safety & Security Event Series

FSEHSENational Cyber Security ShowPSO LiveTSEThe Workplace Event