{"id":8172,"date":"2024-07-09T08:20:21","date_gmt":"2024-07-09T08:20:21","guid":{"rendered":"\/cybersecurity-blog\/?p=8172"},"modified":"2024-07-09T08:20:22","modified_gmt":"2024-07-09T08:20:22","slug":"suricata-search","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/","title":{"rendered":"Search for Network Threats by Suricata in TI Lookup\u00a0"},"content":{"rendered":"\n<p>You can now search for network threats from Suricata in TI Lookup. This latest addition to our <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a> will help you identify and analyze malicious network activity more accurately.\u00a0\u00a0<\/p>\n\n\n\n<p>Let&#8217;s dive into the new features and see how you can use them (with examples).&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What\u2019s new&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>New search fields for Suricata data&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network threats tab with Suricata detections&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ability to search within results&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detailed threat information in search results&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Let\u2019s discuss each of these points in more detail:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-1024x566.png\" alt=\"\" class=\"wp-image-8173\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-1024x566.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-768x424.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-1536x849.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-2048x1132.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image1-740x409.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n\nLearn more about ANY.RUN <span class=\"highlight\">Threat Intelligence Products<\/span>&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=suricata_search&#038;utm_term=090724&#038;utm_content=linktotiplans\/\" rel=\"noopener\" target=\"_blank\">\nInquire about ANY.RUN TI\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">New Search Fields&nbsp;<\/h2>\n\n\n\n<p>We&#8217;ve added several new search fields to help you find specific network threats. These are:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SuricataClass&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SuricataMessage&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suricata ThreatLevel&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SuricataID&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>For example, you can use query <strong>SuricataThreatLevel:&#8221;malicious&#8221; <\/strong>to find all malicious network activities detected by Suricata.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-1024x568.png\" alt=\"\" class=\"wp-image-8174\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-1024x568.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-1536x851.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-2048x1135.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image2-740x410.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">New network threats table and tab&nbsp;<\/h2>\n\n\n\n<p>The results page now includes detailed network threat information. For a more detailed breakdown, select the <strong>Network Threats<\/strong> tab.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"564\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1024x564.png\" alt=\"\" class=\"wp-image-8175\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1024x564.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-300x165.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-768x423.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-1536x846.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-2048x1128.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-370x204.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image3-740x408.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The new <strong>Network threats <\/strong>tab displays Suricata detections, giving you a dedicated space to analyze network-based threats. This tab appears alongside existing tabs like URLs, Domains, and Files, providing a more comprehensive view of potential threats.\u00a0<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n\nRequest a <span class=\"highlight\">free trial<\/span> of ANY.RUN TI Lookup&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=suricata_search&#038;utm_term=090724&#038;utm_content=linktotiplans\/\" rel=\"noopener\" target=\"_blank\">\nInquire now\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Search within results&nbsp;<\/h2>\n\n\n\n<p>After your initial search, you can further narrow down the results using the search bar in the Network threats tab. This feature allows you to quickly find specific threats among a large number of results.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1024x568.png\" alt=\"\" class=\"wp-image-8176\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1024x568.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-768x426.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-1536x852.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-2048x1136.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-270x150.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image4-740x410.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>For instance, if you&#8217;re investigating NjRAT activity:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start with SuricataThreatLevel:&#8221;malicious.&#8221;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the Network threats tab, type &#8220;njrat&#8221; in the search bar.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You&#8217;ll see only NjRAT-related entries, making your investigation more focused.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"115\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1024x115.png\" alt=\"\" class=\"wp-image-8177\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1024x115.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-300x34.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-768x86.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-1536x172.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-370x41.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-270x30.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5-740x83.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image5.png 1694w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Detailed threat information&nbsp;<\/h2>\n\n\n\n<p>Each entry in the search results now includes:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suricata Class&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ImagePath&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suricata ID&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suricata Message&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Associated Tags&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MITRE TTP&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>This detailed information helps you quickly assess the nature and potential impact of each detected threat. Hower over an artifact and click on it to initiate a new TI Lookup search.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to use Suricata search in TI Lookup&nbsp;<\/h2>\n\n\n\n<p>Let&#8217;s walk through a couple of practical examples.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-1024x567.png\" alt=\"\" class=\"wp-image-8178\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-1024x567.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-768x425.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-1536x850.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-2048x1134.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image6-min-740x410.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>By obtaining the victim&#8217;s external IP address and connecting to Telegram&#8217;s API, you can capture a wide range of threats, including various stylers and some types of phishing.&nbsp;<\/p>\n\n\n\n<p>Query example: <strong>DomainName:&#8221;api.telegram.org&#8221; AND SuricataMessage:&#8221;External IP&#8221;<\/strong>&nbsp;<\/p>\n\n\n\n<p>And you can detect fake authentication attempts in Microsoft services using the following search query.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-1024x567.png\" alt=\"\" class=\"wp-image-8179\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-1024x567.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-300x166.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-768x425.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-1536x850.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-2048x1133.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-370x205.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-270x149.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2024\/07\/image7-740x409.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Query example:<strong> SuricataID:&#8221;8001152&#8243; AND SuricataMessage:&#8221;INFO [ANY.RUN] Request to Azure content delivery network&#8221;<\/strong>&nbsp;<\/p>\n\n\n\n<p>It works because Microsoft services do not use the free turnstile challenge from Cloudflare.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=suricata_search&amp;utm_term=090724&amp;utm_content=linktolanding\/\" target=\"_blank\" rel=\"noreferrer noopener\">interactive sandbox<\/a> simplifies malware analysis of threats that target both Windows and <a href=\"https:\/\/any.run\/cybersecurity-blog\/linux-malware-analysis-cases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a> systems. Our threat intelligence products, <a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>, <a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">Yara Search<\/a> and <a href=\"https:\/\/any.run\/cybersecurity-blog\/ti-feeds-integration\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find <a href=\"https:\/\/any.run\/cybersecurity-blog\/indicators-of-compromise\/\" target=\"_blank\" rel=\"noreferrer noopener\">IOCs<\/a> or files to learn more about the threats and respond to incidents faster.\u00a0\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Advantages of ANY.RUN&nbsp;&nbsp;<\/h3>\n\n\n\n<p>ANY.RUN helps you analyze threats faster while improving detection rates. The platform detects common malware families with YARA and Suricata rules and identifies malware behavior with signatures when detection by family is not possible.&nbsp;<\/p>\n\n\n\n<p><strong>With ANY.RUN you can:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detect malware in seconds.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Interact with samples in real time.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save time and money on sandbox setup and maintenance&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Record and study all aspects of malware behavior.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Collaborate with your team&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scale as you need.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/contact-us\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=suricata_search&amp;utm_term=090724&amp;utm_content=linktocontactus\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>You can now search for network threats from Suricata in TI Lookup. This latest addition to our Threat Intelligence Lookup will help you identify and analyze malicious network activity more accurately.\u00a0\u00a0 Let&#8217;s dive into the new features and see how you can use them (with examples).&nbsp; What\u2019s new&nbsp; Let\u2019s discuss each of these points in [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":8181,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,10,34],"class_list":["post-8172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-cybersecurity","tag-malware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Search for Network Threats by Suricata in TI Lookup\u00a0 - ANY.RUN&#039;s Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"See how you can search for network threats using Suricata rule details in ANY.RUN&#039;s Threat Intelligence Lookup.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Search for Network Threats by Suricata in TI Lookup\u00a0\",\"datePublished\":\"2024-07-09T08:20:21+00:00\",\"dateModified\":\"2024-07-09T08:20:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/\"},\"wordCount\":625,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"malware analysis\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/\",\"name\":\"Search for Network Threats by Suricata in TI Lookup\u00a0 - ANY.RUN&#039;s Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2024-07-09T08:20:21+00:00\",\"dateModified\":\"2024-07-09T08:20:22+00:00\",\"description\":\"See how you can search for network threats using Suricata rule details in ANY.RUN's Threat Intelligence Lookup.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Search for Network Threats by Suricata in TI Lookup\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Search for Network Threats by Suricata in TI Lookup\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","description":"See how you can search for network threats using Suricata rule details in ANY.RUN's Threat Intelligence Lookup.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Search for Network Threats by Suricata in TI Lookup\u00a0","datePublished":"2024-07-09T08:20:21+00:00","dateModified":"2024-07-09T08:20:22+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/"},"wordCount":625,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware analysis"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/","url":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/","name":"Search for Network Threats by Suricata in TI Lookup\u00a0 - ANY.RUN&#039;s Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2024-07-09T08:20:21+00:00","dateModified":"2024-07-09T08:20:22+00:00","description":"See how you can search for network threats using Suricata rule details in ANY.RUN's Threat Intelligence Lookup.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/suricata-search\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/suricata-search\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"Search for Network Threats by Suricata in TI Lookup\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8172"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=8172"}],"version-history":[{"count":3,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8172\/revisions"}],"predecessor-version":[{"id":8234,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/8172\/revisions\/8234"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/8181"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=8172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=8172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=8172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}