Tool and Usage
|Programming languages||C, Lua|
|Latest release||suricata-5.0.3 |
Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.
Why this tool?
Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.
How it works
The tooling uses network traffic to perform its analysis. Together with rulesets, traffic can be categorized and related actions can be taken.
The project is partly funded by the Department of Homeland Security's Directorate for Science and Technology
Usage and audience
Suricata is commonly used for information gathering, intrusion detection, network analysis, or threat discovery. Target users for this tool are security professionals and system administrators.
- JSON output supported
- Support for Lua scripting
- Support for pcap (packet capture)
- Tool allows multiple integrations
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 50 contributors
- + The source code of this software is available
Supported operating systems
Suricata is known to work on FreeBSD, Linux, macOS, Microsoft Windows, and OpenBSD.
Similar tools to Suricata:
Zeek is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.
Sweet Security is a set of scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.
Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.
This tool page was updated at . Found an improvement? Help the community by submitting an update.