

{"id":25386,"date":"2025-05-14T02:07:31","date_gmt":"2025-05-14T07:07:31","guid":{"rendered":"https:\/\/rud.is\/b\/?p=25386"},"modified":"2025-05-14T02:07:31","modified_gmt":"2025-05-14T07:07:31","slug":"suriest-suricata-rule-validation-as-a-rest-service","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2025\/05\/14\/suriest-suricata-rule-validation-as-a-rest-service\/","title":{"rendered":"Suriest: Suricata Rule Validation As A (REST) Service"},"content":{"rendered":"<p>Meet <strong>Suriest<\/strong> \u2014 a new REST API service for validating Suricata rules, designed to be run by organizations to streamline rule validation workflows. Suriest supports Suricata 6.0 and later and offers features like secure configuration, S3-compatible storage for logging validation attempts, and a simple HTTP API to validate rules programmatically. While the project is intended for deployment within your own environment, there\u2019s a live instance already available for immediate use at <a href=\"https:\/\/sigchk.hrbrmstr.app\/validate-rule\">https:\/\/sigchk.hrbrmstr.app\/validate-rule<\/a>. You can test it easily with a curl command like:<\/p>\n<pre><code class=\"language-bash\">curl --silent --request POST --url https:\/\/sigchk.hrbrmstr.app\/validate-rule \\\n  --header \"Content-Type: application\/json\" \\\n  --data '{\"rule\": \"alert http any any -&gt; any any (msg:\\\"Test Rule\\\"; content:\\\"test\\\"; sid:1000001; rev:1;)\"}'\n<\/code><\/pre>\n<p>This live service currently runs Suricata 7, since Suricata 8 is still in beta. For full details on setup, configuration options (including S3 logging), and API usage, check out the README in the repository at <a href=\"https:\/\/codeberg.org\/hrbrmstr\/suriest\">https:\/\/codeberg.org\/hrbrmstr\/suriest<\/a>. 
Suriest offers a practical, scalable solution for Suricata rule validation that integrates well into security operations and development pipelines.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Meet Suriest \u2014 a new REST API service for validating Suricata rules, designed to be run by organizations to streamline rule validation workflows. Suriest supports Suricata 6.0 and later and offers features like secure configuration, S3-compatible storage for logging validation attempts, and a simple HTTP API to validate rules programmatically. While the project is intended [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":""},"categories":[681],"tags":[],"class_list":["post-25386","post","type-post","status-publish","format-standard","hentry","category-cybersecurity"],"yoast_head_json":{"title":"Suriest: Suricata Rule Validation As A (REST) Service - rud.is","canonical":"https:\/\/rud.is\/b\/2025\/05\/14\/suriest-suricata-rule-validation-as-a-rest-service\/","article_published_time":"2025-05-14T07:07:31+00:00","author":"hrbrmstr"}}