Library

Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

140 results
Defensive / Intermediate / Free

Pass external variables into YARA.

yara -d environment=lab rules/contextual.yar sample.bin

Tags: yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive / Intermediate / Free

Limit YARA scan runtime.

yara --timeout 30 rules/large_ruleset.yar samples/

Tags: yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive / Intermediate / Free

Scan a memory dump for credential theft patterns.

yara -s rules/credential_theft.yar memory_dump.bin

Tags: yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive / Intermediate / Free

Use compiled YARA rules for scanning.

yara -C compiled_rules.yarc sample.bin

Tags: yara malware-analysis expanded-library
YARA / Malware Analysis
Defensive / Intermediate / Free

Test Suricata configuration and local rules.

suricata -T -c /etc/suricata/suricata.yaml -S local.rules

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

List available Suricata rule sources.

suricata-update list-sources

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

Enable Emerging Threats Open rules.

suricata-update enable-source et/open

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

Run Suricata against a packet capture.

suricata -r capture.pcap -k none -l eve-output/

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

Filter Suricata EVE alerts.

jq 'select(.event_type=="alert")' eve.json

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

Extract DNS events from EVE JSON.

jq 'select(.event_type=="dns") | {src_ip,query:.dns.rrname}' eve.json

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

Inspect Suricata rule path configuration.

suricata --dump-config | grep default-rule-path

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering
Defensive / Intermediate / Free

Request a non-blocking rule reload.

suricatasc -c ruleset-reload-nonblocking

Tags: suricata detection-engineering expanded-library
Suricata / Detection Engineering