Using jq for Suricata Log Parsing
OISF-Suricata

 Published On Jul 31, 2023

The jq tool is very useful for quickly parsing and filtering JSON files. In Suricata's July webinar, join our QA expert, Corey Thomas, as he shares and demonstrates several jq tricks and commands to parse the main Suricata log, eve.json, more efficiently and to filter out useful information for threat hunting, troubleshooting, and more. We'll also be sharing a jq cheat sheet for quick access to what you'll learn!

Suricata is a high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. It is open source and owned by a community-run, non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by OISF, its supporting vendors, and the community.

Corey Thomas is OISF's QA Automation Engineer. He's always finding ways to consistently reproduce problems and performance changes. He's helped build and automate OISF's hardware QA lab and integrate it with GitHub PRs. He has been an open source contributor and IT professional for over a dozen years, making the world a safer place, one bug at a time.


Forum announcement:
https://forum.suricata.io/t/julys-web...

Presentation Slides:
https://drive.google.com/file/d/1tZgC...

Cheat sheet:
https://drive.google.com/file/d/15E6-...

Suricata-verify test with multi eve files:
https://github.com/OISF/suricata-veri...
