Suricata: An Operator's Guide - Revisions

Hey folks,

If you remember some time ago in this forum I said I would be working on making a book for guidance on network intrusion detection best practices, featuring Suricata. Since then, I’ve been taking a little bit of time here and there to write. Prior to coming to Proofpoint, I wrote a book called Building Virtual Machine Labs: A Hands-On Guide ( – please note that the pay-what-you-want slider CAN be set to free to obtain a free copy).

While I was writing that book, with every chapter completed, I would release a new, cumulative iteration of the book for the community to check out, if they were interested. I want to keep with the same tradition here, and release cumulative updates as I complete chapters for this book. Releasing these cumulative updates here allows me to get feedback from you all since this is a forum. I can correct problems or perhaps incorporate concepts you think are missing from the work.

If you are interested, you can download this work here for free. The only edition available right now is PDF. By default, the price should be set to 0.00 (free). Simply add the book to your cart, then check out. You should not be charged any fees and will be directed to a page where you can download the PDF.

Bear in mind that this is a work in progress, and that the PDF only consists of the first three chapters for this work. I will be adding more chapters to the manuscript (and posting updates here) as I complete them. Thank you for your time, I hope you enjoy it, and if there is any constructive feedback you would like to offer, please feel free to let me know.

-Tony “da_667” Robinson


Started reading this over the weekend, @trobinson667. I aspire to publish something useful one day myself, so thanks for sharing your progress with the community.