How to Install Suricata on Windows 10 RDP

Suricata is an intrusion detection and prevention system that presents itself as a complete ecosystem for security monitoring. One of its most important features compared to other tools is that it inspects traffic up to the application layer. This lets Suricata identify threats that other tools may miss because the malicious content is spread across multiple packets. In this article, we are going to teach you how to install Suricata on Windows 10 RDP. Note that you can visit the packages available on Eldernode if you want to buy a Windows VPS server.

Tutorial Install Suricata on Windows 10 RDP

Suricata's functionality is not limited to the application layer. It also works at lower layers and with protocols such as TLS, ICMP, TCP, and UDP. Suricata also examines the HTTP, FTP, and SMB protocols to find intrusion attempts hidden in unusual requests. Note that Suricata can also extract files from traffic so that administrators can check for suspicious files.

Suricata is designed to distribute its workload across multiple processor cores and chips to achieve the best performance. It can also offload some of its work to the graphics card, which is a useful feature on servers.

In the rest of this article, we explain step by step how to install Suricata on Windows 10 RDP.


Install Suricata on Windows 10 RDP Server

In this section, we will discuss how to install Suricata on Windows 10 RDP. To do this, follow the steps below in order.

1. Download the Suricata installer for Windows.

2. In the window that opens, click Run.

3. Click Next.

4. Check "I accept..." and click Next to accept the license agreement.

5. Choose the installation features you want, then click Next.

6. Click Install and wait for the installation to complete.

7. Finally, click Finish.


Once Suricata is installed, create a folder that will hold your configuration, rules, and test captures. In this tutorial that folder is C:\Suricata, and inside it you need to create three subfolders: log, rules, and projects.

The rules folder receives a copy of the contents of the rules folder found in the Suricata program directory.

threshold.config is an empty file.

suricata.yaml is a copy of the suricata.yaml found in the Suricata program directory.

Note: You can find the modifications I make to suricata.yaml on GitHub.

Next, create a folder under projects for each project or test, such as this mimikatz folder:


Here, we use the following BAT file, placed in the project folder, to start Suricata with our rules and capture file (the relative path ..\..\suricata.yaml points back to C:\Suricata):

"C:\Program Files (x86)\Suricata\suricata.exe" -c ..\..\suricata.yaml -S mimikatz.rules -l logs -k none -v -r drsuapi-DsGetNCChanges.pcap
pause

1. With option -S we use our rule file mimikatz.rules exclusively; no other rule file will be loaded.

2. Option -l logs writes the log files to our local logs directory.

3. -k none disables checksum verification.

4. -v enables verbose output.

5. -r drsuapi-DsGetNCChanges.pcap reads our capture file for processing by Suricata.
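As an added example (editor's code, not from the article or the Suricata project), the following Python script builds the same command line as the BAT file above, checks that the rule file, capture and logs directory exist before launching Suricata (Suricata exits with an error when the -l directory is missing), and summarises the alerts Suricata writes to fast.log, its default alert log, in the logs directory. SURICATA_EXE, the project path and the sample fast.log lines are assumptions constructed for this example.

```python
r"""Added example (editor's code, not part of the original article or the
Suricata project): build the same command line as the BAT file, check the
inputs Suricata needs before launching it, and summarise the alerts it
writes to fast.log in the logs directory.  The paths and the log lines
below are constructed assumptions following the article's
C:\Suricata\projects\<name> layout."""
import re
import subprocess
from collections import Counter
from pathlib import Path

# Installer path used by the article's BAT file (assumed default install location).
SURICATA_EXE = r"C:\Program Files (x86)\Suricata\suricata.exe"

# One fast.log record per line.  Messages, SIDs and addresses are constructed
# for this example, not real Suricata output from the article's pcap.
SAMPLE_FAST_LOG = """\
06/11/2021-10:15:42.123456  [**] [1:1000001:1] CONSTRUCTED DRSUAPI DsGetNCChanges request [**] [Classification: (null)] [Priority: 3] {TCP} 10.0.0.5:49152 -> 10.0.0.1:49155
06/11/2021-10:15:43.000001  [**] [1:1000001:1] CONSTRUCTED DRSUAPI DsGetNCChanges request [**] [Classification: (null)] [Priority: 3] {TCP} 10.0.0.5:49153 -> 10.0.0.1:49155
06/11/2021-10:15:44.500000  [**] [1:1000002:2] CONSTRUCTED SMB named pipe access [**] [Classification: (null)] [Priority: 3] {TCP} 10.0.0.5:49154 -> 10.0.0.1:445
not a fast.log record: Suricata writes stats and notices to other files
"""

# Layout of a fast.log record: timestamp, [**], [gid:sid:rev], message, [**],
# classification, priority, {protocol}, src:port -> dst:port
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s+(?P<cls>.*?)\]\s+"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)


def build_command(rule_file, pcap, config=r"..\..\suricata.yaml", log_dir="logs"):
    """Return the argv list equivalent to the article's BAT file:
    -S loads only the given rule file, -l picks the log directory,
    -k none disables checksum verification, -v is verbose, -r reads the pcap."""
    return [SURICATA_EXE, "-c", config, "-S", rule_file,
            "-l", log_dir, "-k", "none", "-v", "-r", pcap]


def missing_inputs(project_dir, rule_file, pcap, log_dir="logs"):
    """Names (relative to the project folder) that Suricata would fail on.
    The logs folder is checked alongside the rule file and the capture because
    Suricata refuses to start when the -l directory does not exist."""
    project = Path(project_dir)
    return [name for name in (rule_file, pcap, log_dir) if not (project / name).exists()]


def parse_fast_log(text):
    """Parse fast.log records into dicts; lines that are not records are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
            rec[key] = int(rec[key])
        alerts.append(rec)
    return alerts


def summarise(alerts):
    """Count alerts per signature, keyed by (sid, msg), most frequent first."""
    counts = Counter((a["sid"], a["msg"]) for a in alerts)
    return counts.most_common()


def run_project(project_dir, rule_file, pcap):
    """Run Suricata inside the project folder (as the BAT file does) and summarise fast.log."""
    missing = missing_inputs(project_dir, rule_file, pcap)
    if missing:
        raise FileNotFoundError(f"missing in {project_dir}: {', '.join(missing)}")
    subprocess.run(build_command(rule_file, pcap), cwd=project_dir, check=True)
    fast_log = Path(project_dir) / "logs" / "fast.log"
    return summarise(parse_fast_log(fast_log.read_text(encoding="utf-8")))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; call run_project() with a
    # real project folder, e.g. r"C:\Suricata\projects\mimikatz", to use Suricata.
    for (sid, msg), n in summarise(parse_fast_log(SAMPLE_FAST_LOG)):
        print(f"{n:4d}  sid {sid}  {msg}")
```

The script is run from the project folder just like the BAT file, so the relative ..\..\suricata.yaml path resolves to C:\Suricata; the missing-input check turns Suricata's start-up error for a missing logs directory into a clear message before anything is launched.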

If you encounter an error message like the one below when running this BAT file, follow the steps in the next section.

[Screenshot: Suricata error message]



How to Install WinPcap on Windows 10

Visit the WinPcap website and download the installer. Then go to the folder where you downloaded the file and double-click on it.

1. In the window that opens, click Next.

2. Click I Agree to confirm the license agreement.

3. Click Install to start installing WinPcap.

4. Finally, click Finish.


How to Run Suricata on Windows 10 Server

Note that you can download rule sets from Emerging Threats. Then extract the files from the rules folder of the archive into the C:\Suricata\rules folder.

You can also process your capture file without an explicit rule file (that is, without the -S option), in which case Suricata loads the rules configured in suricata.yaml.


Suricata is an open-source intrusion detection engine developed by OISF. The beta version was released in late 2009 and the first stable version in mid-2010. The engine can be used as an intrusion detection system (IDS), an intrusion prevention system (IPS), or a network security monitor. Suricata inspects network traffic using an extensive rule set and signature language. In this article, we tried to teach you step by step how to install Suricata on Windows 10 RDP.

We are waiting for your valuable comments, and you can be sure they will be answered in the shortest possible time.
  • João Silva, 1 week ago

    I would like to know if there is any way to send the Suricata logs to a Wazuh server (in Linux).

    • Michael Morgan, 1 week ago

      Add the following section to the Linux agent configuration file:


      It should be noted that instead of directly adding the above items to ossec.conf in the Linux agent, this time you can use the Wazuh manager's centralized agent configuration features.

      You will then need to add your Linux agent to a new group called "Suricata" using the following command on your Wazuh manager:

      /var/ossec/bin/agent_groups -a -g Suricata -q

      In the next step, you must use the following command to list the agents registered in the Wazuh manager:

      /var/ossec/bin/manage_agents -l

      Then you should add the Linux agent to this new agent group by its ID number:

      /var/ossec/bin/agent_groups -a -i 001 -g Suricata -q

      In the next step, it is necessary to put the Wazuh agent configuration for Suricata in the shared file agent.conf. After that, on the Wazuh manager, edit /var/ossec/etc/shared/Suricata/agent.conf and add the following configuration:


      Finally, you should confirm this shared config is valid by running the following command on the Wazuh manager.


