Meet Suriest — a new REST API service for validating Suricata rules, designed to be run by organizations to streamline rule validation workflows. Suriest supports Suricata 6.0 and later and offers features like secure configuration, S3-compatible storage for logging validation attempts, and a simple HTTP API to validate rules programmatically. While the project is intended for deployment within your own environment, there’s a live instance already available for immediate use at https://sigchk.hrbrmstr.app/validate-rule. You can test it easily with a curl command like:
curl --silent --request POST --url https://sigchk.hrbrmstr.app/validate-rule \
--header "Content-Type: application/json" \
--data '{"rule": "alert http any any -> any any (msg:\"Test Rule\"; content:\"test\"; sid:1000001; rev:1;)"}'
This live service currently runs Suricata 7, since Suricata 8 is still in beta. For full details on setup, configuration options (including S3 logging), and API usage, check out the README in the repository at https://codeberg.org/hrbrmstr/suriest. Suriest offers a practical, scalable solution for Suricata rule validation that integrates well into security operations and development pipelines.
