Skip navigation

Intrusion Detection with Suricata

Are you alone on your network? How do you know?

Try as we might, preventing attacks eventually fails and you must rely on your ability to detect attackers who’ve made their way on to your network. This means you should monitor your network for intrusions and apply your knowledge of attacker tools, techniques, and procedures to build detection that will alert you before initial access becomes a significant breach.

Suricata can help you do that.

Suricata is a powerful, open-source intrusion detection system (IDS) and network security monitoring (NSM) collection platform. Its flexible rule framework allows you to turn threat intelligence and behavioral indicators into detection signatures that will alert you when a match is found on your network.

Intrusion Detection with Suricata

Intrusion Detection with Suricata is a foundational course that will help you unlock the power of Suricata and use it to detect intruders on your network.

You’ll learn:

  • Learn the basics of the Suricata rule language and how to develop custom detection signatures
  • Dissect real-world packet captures to turn attack examples into actionable detection
  • Deploy, automatically update, and customize public rulesets like the popular Emerging Threats ruleset
  • Use EveBox and JQ to manipulate Suricata output and launch investigations from the alerts it generates
  • Gain practical deployment advice for deploying Suricata in your enterprise
  • Learn techniques for configuring Suricata in test, development, and production environments.
  • Utilize Suricata’s output modes for flexible alert output and protocol logging

This course is taught by multiple members of the OISF team that created and maintains Suricata. If you want to learn the basics of how to detect intruders on your network using concepts of signature-based detection, this is the course you’re looking for. 

You can view the detailed course syllabus here.

Course Format

Intrusion Detection with Suricata is delivered completely online using recorded video lectures that you can go through at your own pace. Each lesson consists of lectures that overview critical concepts, instructor-led demonstrations that walk through Suricata examples, and lab exercises where you practice the concepts you’ve learned. There is also a discussion forum where you can ask questions and share tips and tricks with other students and your instructor.

Lab Exercises

This course contains lab exercises you can use to practice your skills. A Virtual Machine is provided for completing the labs, or you can download the course files and use them on your own Suricata installation. The labs are an integral part of learning how to build detection rules with Suricata. You’ll be given plenty of opportunities to practice and test your knowledge.


A basic understanding of the Linux command line is helpful, as the course will use Suricata in that environment.

This course is delivered in English.


The course is $497 for a single user license. Bulk discounts are available for organizations that want to purchase multiple licenses (please contact us to discuss payment and pricing). A portion of the purchase price will go to support multiple charities including the Rural Technology Fund and others.

You’ll receive:

  • 1-year Access to course videos and labs
  • Access to our AND student learning community forum
  • A Certification of Completion
  • 15 Continuing Education Credits (CPEs/CEUs)

Meet the Instructors

This course is taught by the Open Information Security Foundation (OISF) team. This is the team that builds and maintains Suricata. Instructors for this course include:

Peter Manev
Peter has 15 years experience in the IT industry, including enterprise-level IT security practice. An adamant admirer and explorer of innovative open source security software, Peter is currently a Security Solution Architect. Peter maintains some additional info points of interest about Suricata.

Jason Ish
Jason is a professional software developer with over a decade of experience developing and integrating open source solutions in the security and networking fields. Jason’s experience covers device drivers right up to user interfaces, including co-founding and acting as a CTO of an IDS integrator which was later acquired. Jason currently resides in Saskatoon, Canada.

Jack Mott
Jack is a security researcher who focuses on open source solutions to detect, track and hunt malware and malicious activity. He has been a signature writer for the Emerging Threats team for several years, producing community/premium Suricata signatures to help protect networks worldwide. Jack is a strong believer in the open source mission as well as helping people and organizations solve security issues with open source solutions.

Jason William
Jason is a security researcher with global enterprise experience in detecting, hunting and remediating threats with open source technologies. Primarily focusing on network communications, Jason has written thousands of commercial and community Suricata rules for Emerging Threats to help defenders protect their networks. Jason participates as a Signature Development and User Training instructor for the OISF.

Student Testimonials

“I was a beginner, never using Suricata or an IDS/IPS before. This course really helped me understand how to interpret network traffic and how I can manipulate it to find anything on that is happening on a network. The training goes very in-depth with Suricata and acts as a good guide to learn and understand how Suricata works.” – Jesse

“I know how to write rules, more importantly, I can read them now and be better at determining false positives” – David

Join Intrusion Detection with Suricata Now for Just $497

Bulk discounts are available for organizations that want to purchase multiple licenses for this Suricata training course. Please contact us to discuss payment and pricing.