Basic Suricata syntax highlighter for Sublime Text 3.
Accounts for all of the following in Suricata v4.1 onwards:
- Meta keywords
- IP keywords
- TCP keywords
- ICMP keywords
- Payload keywords
- Prefiltering keywords
- Flow keywords
- HTTP keywords
- File keywords
- DNS keywords
- SSL/TLS keywords
- JA3 keywords
- DNP3 keywords
- Xbits keywords
- Thresholding keywords (partial)
- IP reputation keywords
- FTP keywords
- App-layer keywords
- Bold orange highlighting of negated content (i.e. content:!"negated"; and isdataat:!1,relative;)
To do
- Add Modbus keywords
- Add ENIP/CIP keywords
Installation
- Save the suricata.sublime-syntax file in your Packages User folder
- Windows: C:\Users\%user%\AppData\Roaming\Sublime Text 3\Packages\User
- Mac: $home/Library/Application Support/Sublime Text 3/Packages/User
- Linux: $home/.config/sublime-text-3/Packages/User
- Open Sublime Text 3
- View > Syntax > suricata