LSE top 100LSE top 100Suricata (13)Suricata (13)

Tool and Usage

Project details

Programming languages
C, Lua
Victor Julien
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.


Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.

Why this tool?

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.

How it works

The tooling uses network traffic to perform its analysis. Together with rulesets, traffic can be categorized and related actions can be taken.

Background information

The project is partly funded by the Department of Homeland Security's Directorate for Science and Technology

Usage and audience

Suricata is commonly used for information gathering, intrusion detection, network analysis, or threat discovery. Target users for this tool are security professionals and system administrators.


  • JSON output supported
  • Support for Lua scripting
  • Support for pcap (packet capture)
  • Tool allows multiple integrations

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 50 contributors
  • + The source code of this software is available

Author and Maintainers

Suricata is under development by Victor Julien.



Supported operating systems

Suricata is known to work on FreeBSD, Linux, Microsoft Windows, OpenBSD, and macOS.

Suricata alternatives

Similar tools to Suricata:



Zeek is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.


Sweet Security

Sweet Security is a set of scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.



Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

All Suricata alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information