diff --git a/src/core_plugins/kibana/public/home/tutorial_resources/suricata_logs/screenshot.png b/src/core_plugins/kibana/public/home/tutorial_resources/suricata_logs/screenshot.png
new file mode 100644
index 0000000000000..68193524d8748
Binary files /dev/null and b/src/core_plugins/kibana/public/home/tutorial_resources/suricata_logs/screenshot.png differ
diff --git a/src/core_plugins/kibana/server/tutorials/register.js b/src/core_plugins/kibana/server/tutorials/register.js
index cf23318f4f2e4..5c64077650bdc 100644
--- a/src/core_plugins/kibana/server/tutorials/register.js
+++ b/src/core_plugins/kibana/server/tutorials/register.js
@@ -37,6 +37,7 @@ import { postgresqlLogsSpecProvider } from './postgresql_logs';
 import { rabbitmqMetricsSpecProvider } from './rabbitmq_metrics';
 import { redisLogsSpecProvider } from './redis_logs';
 import { redisMetricsSpecProvider } from './redis_metrics';
+import { suricataLogsSpecProvider } from './suricata_logs';
 import { dockerMetricsSpecProvider } from './docker_metrics';
 import { kubernetesMetricsSpecProvider } from './kubernetes_metrics';
 import { uwsgiMetricsSpecProvider } from './uwsgi_metrics';
@@ -82,6 +83,7 @@ export function registerTutorials(server) {
 server.registerTutorial(rabbitmqMetricsSpecProvider);
 server.registerTutorial(redisLogsSpecProvider);
 server.registerTutorial(redisMetricsSpecProvider);
+ server.registerTutorial(suricataLogsSpecProvider);
 server.registerTutorial(dockerMetricsSpecProvider);
 server.registerTutorial(kubernetesMetricsSpecProvider);
 server.registerTutorial(uwsgiMetricsSpecProvider);
diff --git a/src/core_plugins/kibana/server/tutorials/suricata_logs/index.js b/src/core_plugins/kibana/server/tutorials/suricata_logs/index.js
new file mode 100644
index 0000000000000..57d030a2fc535
--- /dev/null
+++ b/src/core_plugins/kibana/server/tutorials/suricata_logs/index.js
@@ -0,0 +1,67 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { TUTORIAL_CATEGORY } from '../../../common/tutorials/tutorial_category';
+import { onPremInstructions, cloudInstructions, onPremCloudInstructions } from '../../../common/tutorials/filebeat_instructions';
+
+export function suricataLogsSpecProvider(server, context) {
+ const moduleName = 'suricata';
+ const geoipRequired = false;
+ const uaRequired = false;
+ const platforms = ['OSX', 'DEB', 'RPM', 'WINDOWS'];
+ return {
+ id: 'suricataLogs',
+ name: i18n.translate('kbn.server.tutorials.suricataLogs.nameTitle', {
+ defaultMessage: 'Suricata logs',
+ }),
+ category: TUTORIAL_CATEGORY.SECURITY,
+ shortDescription: i18n.translate('kbn.server.tutorials.suricataLogs.shortDescription', {
+ defaultMessage: 'Collect the result logs created by Suricata IDS/IPS/NSM.',
+ }),
+ longDescription: i18n.translate('kbn.server.tutorials.suricataLogs.longDescription', {
+ defaultMessage: 'The `suricata` Filebeat module collects the logs from the \
+[Suricata Eve JSON output](https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html). \
+[Learn more]({learnMoreLink}).',
+ values: {
+ learnMoreLink: '{config.docs.beats.filebeat}/filebeat-module-suricata.html',
+ },
+ }),
+ //euiIconType: 'logoSuricata',
+ artifacts: {
+ dashboards: [
+ {
+ id: '69f5ae20-eb02-11e7-8f04-51231daa5b05',
+ linkLabel: i18n.translate('kbn.server.tutorials.suricataLogs.artifacts.dashboards.linkLabel', {
+ defaultMessage: 'Suricata logs dashboard',
+ }),
+ isOverview: true
+ }
+ ],
+ exportedFields: {
+ documentationUrl: '{config.docs.beats.filebeat}/exported-fields-suricata.html'
+ }
+ },
+ completionTimeMinutes: 10,
+ previewImagePath: '/plugins/kibana/home/tutorial_resources/suricata_logs/screenshot.png',
+ onPrem: onPremInstructions(moduleName, platforms, geoipRequired, uaRequired, context),
+ elasticCloud: cloudInstructions(moduleName, platforms),
+ onPremElasticCloud: onPremCloudInstructions(moduleName, platforms)
+ };
+}
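Review bot: The commented-out `//euiIconType: 'logoSuricata',` in the middle of the returned spec is dead code with no explanation; either drop it or replace it with a tracked note such as `// TODO: set euiIconType once a 'logoSuricata' icon exists in EUI` so the next maintainer knows why this tutorial has no icon. The exported `suricataLogsSpecProvider` also has no JSDoc; a one-line header comment above the signature stating that it builds the home-page tutorial spec for the Filebeat suricata module (EVE JSON logs) and forwards `context` only to `onPremInstructions` would match what a reader needs. The dashboard id `69f5ae20-eb02-11e7-8f04-51231daa5b05` is hard-coded with nothing in this diff to cross-check it against — presumably it must match the dashboard id shipped with the Beats suricata module, which is worth confirming before merge. `geoipRequired` and `uaRequired` are both `false`; if the module's ingest pipeline enriches source/destination IPs with GeoIP (not determinable from this diff), the generated on-prem instructions would silently omit that plugin prerequisite, so this is worth a quick check against the Beats module.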