A Cheat Sheet for Suricata Users
This cheat sheet contains tips and tricks for selecting, filtering and getting rapid results from Suricata using JQ, the JSON command-line processor, to parse standard Suricata eve.json logs.
The commands covered in this cheat sheet are focused on the network security monitoring (NSM) data and protocol logs such as SMB, Anomaly, HTTP, DNS, TLS, Flow and others.
Download this cheat sheet as a quick reference guide to the JQ commands used to query Suricata NSM data.
ABOUT STAMUS NETWORKS™
Stamus Networks believes that cyber defense is bigger than any single person, platform, company, or technology. That’s why we leverage the power of community to deliver the next generation of open and transparent network defense. Trusted by security teams at the world’s most targeted organizations, our flagship offering – Clear NDR™ – empowers cyber defenders to uncover and stop serious threats and unauthorized network activity before they harm their organizations. Clear NDR helps defenders see more clearly and act more confidently through detection they can trust with results they can explain.
© 2014-2024 Stamus Networks, Inc. All rights Reserved.