Suricata
Intrusion detection/prevention system and network security monitoring engine.
Contents
Output Tools
Suricata Eve Kafka Output Plugin for Suricata 6.
Suricata Eve Redis Output Plugin for Suricata 7.
A "spooler" for Suricata / Sagan.
Fast, extensible, versatile event router for Suricata's EVE-JSON format.
Templates for Kibana/Logstash to use with Suricata IDPS.
Reads EVE files into SQL and searches the stored data.
Operations, Monitoring and Troubleshooting
Automatic enumeration and maintenance of Suricata monitoring interfaces.
A tool to work with Suricata's stats.log file.
Simple Probing Tool for Corporate Walled Garden Networks.
Suricata Ansible role (slightly outdated).
Mass deploy and update Suricata IDPS using Ansible IT automation platform.
Suricata Docker image.
LibreNMS JSON / Nagios monitor for Suricata stats.
Terraform module to set up Google Cloud packet mirroring and send packets to Suricata.
Input Plugin for Telegraf to collect and forward Suricata stats logs (included out of the box in recent Telegraf releases).
Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket.
Programming Libraries and Toolkits
Experimental Suricata Rule Parser in Rust.
Go Client for Suricata (Interacting via Socket).
Go library to parse intrusion detection rules for engines like Snort and Suricata.
Suricata EVE-JSON parser in Go.
Pure python parser for Snort/Suricata rules.
Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).
Dashboards and Templates
Development Tools
An implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
Suricata IntelliSense Extension using the Suricata Language Server.
Suricata Rules Support for Visual Studio Code (syntax highlighting, etc.).
Basic Suricata syntax highlighter for Sublime Text.
A command-line utility to provide feedback on Suricata rules. It checks aspects such as syntax validity, interpretability, rule specificity, rule coverage, and efficiency.
Documentation and Guides
Suricata Extreme Performance Tuning guide.
Suricata Extreme Performance Tuning guide - Mark II.
The Security Analyst's Guide to Suricata.
A collaborative document to collect style guidelines from the community of rule writers.
Analysis Tools
Various resources that are useful when interacting with Suricata data.
A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search.
Rule Sets
Collection of various open-source and commercial rulesets.
Set of Suricata rules published by QuadrantSec.
Cluster25's detection rules.
Suricata rules accompanying Fox-IT's QUANTUM 2015 blog/BroCon talk.
Suricata IDS alert rules for network anomaly detection from Travis Green.
OPNsense's Suricata IDS/IPS detection rules against Nmap scans.
Suricata rules and datasets to detect phishing attacks.
Rule/Security Content Management and Handling
Web application for Suricata ruleset management and threat hunting.
Tool to create a Suricata dataset from the indicators of MISP instances and to add sightings in MISP when an indicator from the dataset generates an alert.
An evil bit implementation in LuaJIT for Suricata.
Generate Suricata rules from a collection of IOCs (JSON, CSV or flags) based on your Suricata template.
Command-line tool to format and syntax highlight Suricata rules.
Create rules and configuration for Suricata to alert on indicators from an OTX account.
Simple Python program that allows for the filtering and modifying of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule.
Plugins and Extensions
Systems Using Suricata
A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution.
Docker-based stack of Suricata, Elasticsearch, Logstash, Kibana and Scirius, a.k.a. SELKS.
Suricata IDS integration for the Artica gateway appliance.
Web interface to explore Suricata EVE outputs, with a primary focus on network analysis in CTF competitions.
Training
Simulation and Testing
Automated Attack Simulation in the Cloud, complete with detection use cases.
Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications.
Suricata and Snort IDS rule and pcap testing system.
Data Sets
Misc
Wireshark plugin to display Suricata analysis info.
A simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an IP address to the MikroTik address lists for a specified time for subsequent blocking.
GUI for Suricata + Qubes OS.
Web-based management system for Suricata IDS/IPS, featuring advanced analytics and visualization capabilities.