====== Commands ======
<code>
ssh firewall
sudo vi /etc/suricata/rules/suricata.rules
sudo service suricata restart

tail -f /var/log/suricata/eve.json

tail -f /var/log/suricata/fast.log

tail -f /var/log/suricata/suricata-start.log
tail -f /var/log/suricata/suricata.log
</code>

====== Suricata Rules ======

===== Directory Traversal =====
<code>
drop http any any -> 192.168.10.2 80 (msg:"Directory traversal attempt"; content:"name=..%2F"; classtype:web-application-attack; sid:1000001; rev:1;)
</code>

===== Webshell =====
<code>
drop http any any -> 192.168.10.2 80 (msg:"Webshell attempt"; content:"/images.php?id="; classtype:web-application-attack; sid:1000011; rev:1;)
</code>