PFSense - Suricata - Rules

Signatures play a very important role in Suricata.

Suricata Rules consists of the following format:

• Action: Determines what happens when the signature matches.
• Header: Defining the protocol, IP addresses, ports and direction of the rule.
• Options: Defines the specifics of the rule.

Breakdown of a rule

Classification

Custom Rules

Snort Rules

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules

https://suricata.readthedocs.io/en/latest/rule-management/adding-your-own-rules.html

https://suricata.readthedocs.io/en/suricata-4.1.2/rules/intro.html

https://forum.netgate.com/topic/127428/suricata-custom-rules

https://www.admin-magazine.com/Articles/Detecting-intruders-with-Suricata/(offset)/3