Curated list of awesome things related to Suricata.
Suricata is a free intrusion detection/prevention system and network security monitoring engine.
- Input Tools
- Output Tools
- Operations, Monitoring and Troubleshooting
- Programming Libraries and Toolkits
- Dashboards and Templates
- Development Tools
- Documentation and Guides
- Analysis Tools
- Rule Sets
- Rule/Security Content Management and Handling
- Systems Using Suricata
- Training
- Simulation and Testing
- Data Sets
- Misc
- PacketStreamer - Distributed tcpdump for cloud native environments.
- suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.
- suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.
- Meer - Meer is a "spooler" for Suricata / Sagan.
- FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.
- Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.
- Lilith - Reads EVE files into SQL as well as search stored data.
- slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.
- suri-stats - A tool to work on suricata
stats.logfile. - Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.
- ansible-suricata - Suricata Ansible role (slightly outdated).
- MassDeploySuricata - Mass deploy and update Suricata IDPS using Ansible IT automation platform.
- docker-suricata - Suricata Docker image.
- Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.
- Terraform Module for Suricata - Terraform module to setup Google Cloud packet mirroring and send packets to Suricata IDS.
- InfluxDB Suricata Input Plugin - Input Plugin for Telegraf to collect and forward Suricata
statslogs (included out of the box in recent Telegraf releases). - suricata_exporter - Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket.
- rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.
- go-suricata - Go Client for Suricata (Interacting via Socket).
- gonids - Go library to parse IDS rules for engines like Snort and Suricata.
- surevego - Suricata EVE-JSON parser in Go.
- suricataparser - Pure python parser for Snort/Suricata rules.
- py-idstools - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).
- KTS - Kibana 4 Templates for Suricata IDPS Threat Hunting.
- KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting.
- KTS6 - Kibana 6 Templates for Suricata IDPS Threat Hunting.
- KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting.
- Suricata Language Server - Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
- suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.
- suricata-highlight-vscode - Suricata Rules Support for Visual Studio Code (syntax highlighting, etc).
- SublimeSuricata - Basic Suricata syntax highlighter for Sublime Text 3.
- SEPTun - Suricata Extreme Performance Tuning guide.
- SEPTun-Mark-II - Suricata Extreme Performance Tuning guide - Mark II.
- suricata-4-analysts - The Security Analyst's Guide to Suricata.
- Suricata Analytics - Various resources that are useful when interacting with Suricata data.
- Malcolm - A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
- Evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search.
- nids-rule-library - Collection of various open-source and commercial rulesets.
- Stamus Lateral Movement Detection Rules - Suricata ruleset to detect lateral movement.
- QuadrantSec Suricata Rules - QuadrantSec Suricata rules.
- Cluster25/detection - Cluster25's detection rules.
- Networkforensic.dk (NF) rules sets:
- Quantum Insert detection for Suricata - Suricata rules accompanying Fox-IT's QUANTUM 2015 blog/BroCon talk.
- sidallocation.org - Sid Allocation working group, list of SID ranges.
- Scirius - Web application for Suricata ruleset management and threat hunting.
- IOCmite - Tool to create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert.
- luaevilbit - An Evil bit implementation in luajit for Suricata.
- Lawmaker - Suricata IDS rule management system.
- surify-cli - Generate suricata-rules from collection of IOCs (JSON, CSV or flags) based on your suricata template.
- suricata-prettifier - Command-line tool to format and syntax highlight Suricata rules.
- OTX-Suricata - Create rules and configuration for Suricata to alert on indicators from an OTX account.
- SELKS - A Suricata based IDS/IPS/NSM distro.
- Amsterdam - Docker based Suricata, Elasticsearch, Logstash, Kibana, Scirius aka SELKS.
- Experimental Suricata Training Environment - Experimental Suricata Training Environment.
- Leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
- speeve - Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications.
- Dalton - Suricata and Snort IDS rule and pcap testing system.
- suricata-sample-data - Repository of creating different example suricata data sets.
- Suriwire - Wireshark plugin to display Suricata analysis info.
- bash_cata - A simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an ip-address to the MikroTik Address Lists for a specified time for subsequent blocking.
- suriGUI - GUI for Suricata + Qubes OS.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent