Suricata

LSE top 100LSE top 100Suricata (15)Suricata (15)

Tool and Usage

Project details
LicenseGPLv2
Programming languagesC, Lua
AuthorVictor Julien
Latest releasesuricata-5.0.0 []

Project health

100
This score is calculated by different factors, like project age, last release date, etc.

Introduction

Suricata is a somewhat younger NIDS, though has a rapid development cycle. It can work with Snort rulesets, yet also has optimized rulesets for usage with Suricata itself. For example, this set is known as Emerging Threats and fully optimized.

Why this tool?

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.

How it works

The tooling uses network traffic to perform its analysis. Together with rulesets, traffic can be categorized and related actions can be taken.

Background information

The project is partly funded by the Department of Homeland Security's Directorate for Science and Technology

Usage and audience

Suricata is commonly used for information gathering, intrusion detection, network analysis, or threat discovery. Target users for this tool are security professionals and system administrators.

Features

  • JSON output supported
  • Support for Lua scripting
  • Support for pcap (packet capture)
  • Tool allows multiple integrations

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 50 contributors
  • + The source code of this software is available

Author and Maintainers

Suricata is under development by Victor Julien.

Contributors

Installation

Supported operating systems

Suricata is known to work on FreeBSD, Linux, macOS, Microsoft Windows, and OpenBSD.

Suricata alternatives

Similar tools to Suricata:

100

Zeek

Zeek is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.

64

Sweet Security

Sweet Security is a set of scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.

67

Snort

Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

All Suricata alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information