Suricata
GPL-2.0 · 🌐 Network Recon · C/Rust
Suricata is a high-performance network IDS, IPS, and network security monitoring (NSM) engine developed by the Open Information Security Foundation (OISF). It inspects traffic with signature rules (a largely Snort-compatible syntax, extended with keywords that match on parsed protocol fields such as http.uri or tls.sni) and with protocol analysis, to detect intrusion attempts, malware command-and-control traffic, policy violations, and data exfiltration. Its multi-threaded architecture scales across modern multi-core hardware, reaching inspection rates a single-threaded engine cannot match. Beyond alerting, Suricata logs protocol transactions (HTTP, DNS, TLS, SMB, and more), extracts files from network traffic, and supports Lua scripting for custom detection logic. It acquires packets via AF_PACKET, PF_RING, and DPDK for high-speed capture (and, for inline IPS, via NFQUEUE or AF_PACKET in copy mode), and writes structured JSON logs in the EVE (Extensible Event Format) that integrate directly with Elasticsearch, Splunk, and other SIEM platforms.
Installation
apt (Debian/Ubuntu)
$ sudo apt install suricata
brew (macOS)
$ brew install suricata
from source
$ git clone https://github.com/OISF/suricata && cd suricata && ./scripts/bundle.sh && ./autogen.sh && ./configure && make && sudo make install
A git checkout does not ship a configure script: bundle.sh fetches the libhtp and suricata-update dependencies and autogen.sh generates configure. Use make install-full instead of make install to also install a default suricata.yaml and pull the Emerging Threats Open ruleset with suricata-update.
Use Cases
- Inline intrusion prevention with multi-gigabit throughput on multi-core hardware
- Detecting malware C2 communication, exploits, and policy violations with rules
- Protocol-level logging of HTTP, DNS, TLS, and SMB traffic in structured JSON
- Extracting files transferred over the network for sandboxing and analysis
- Deploying as a network security monitoring sensor alongside Zeek and Arkime
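As an added example, not Suricata's own code or anything shipped with it: a hypothetical local rule of the kind the rule-based detection use case relies on, followed by a small Python triage script that joins EVE alert records with the http, tls, fileinfo and dns records carrying the same flow_id, which is how the protocol logs from the structured-logging use case turn a bare alert into context. The rule, its sid 1000001, and the EVE lines are constructed for this example; the record shapes follow the EVE fields Suricata emits (one JSON object per line in eve.json), and the IPs are documentation ranges.

```python
"""Triage Suricata EVE JSON by joining alerts with the protocol records of
the same flow. Added example, not Suricata's own code."""
import json
from collections import defaultdict

# Hypothetical local rule (an assumption for this example, not a rule the
# page ships): alert on an HTTP User-Agent string used here as a stand-in
# for a C2 beacon. Suricata would load it from a .rules file via -S.
LOCAL_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any '
    '(msg:"LOCAL Suspicious beacon User-Agent"; flow:established,to_server; '
    'http.user_agent; content:"Mozilla/4.0 (compatible; MSIE 6.0; Win32)"; '
    'classtype:trojan-activity; sid:1000001; rev:1;)'
)

# Constructed eve.json lines in the shape Suricata emits (dns v2 answer,
# http, alert, fileinfo, tls). Not a real capture.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000001+0000","flow_id":1111,"event_type":"dns","src_ip":"10.0.0.5","src_port":50123,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":4242,"rrname":"update.example.net","rrtype":"A","rcode":"NOERROR","answers":[{"rrname":"update.example.net","rrtype":"A","ttl":60,"rdata":"203.0.113.10"}]}}
{"timestamp":"2024-05-01T10:00:00.100000+0000","flow_id":2222,"event_type":"http","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","http":{"hostname":"update.example.net","url":"/gate.php","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0; Win32)","http_method":"POST","status":200}}
{"timestamp":"2024-05-01T10:00:00.100500+0000","flow_id":2222,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"LOCAL Suspicious beacon User-Agent","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2024-05-01T10:00:01.000000+0000","flow_id":2222,"event_type":"fileinfo","src_ip":"203.0.113.10","src_port":80,"dest_ip":"10.0.0.5","dest_port":51000,"proto":"TCP","app_proto":"http","fileinfo":{"filename":"/gate.php","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":0,"stored":false}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","flow_id":3333,"event_type":"tls","src_ip":"10.0.0.7","src_port":52000,"dest_ip":"198.51.100.20","dest_port":443,"proto":"TCP","tls":{"sni":"www.example.com","version":"TLS 1.3"}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping blank or truncated lines
    (log rotation mid-write can leave a partial last line)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def dns_answers(records):
    """Map each answered IP to the names that resolved to it."""
    names = defaultdict(set)
    for rec in records:
        if rec.get("event_type") != "dns":
            continue
        dns = rec.get("dns", {})
        answers = dns.get("answers") or []
        if not answers and dns.get("rdata"):  # older single-record layout
            answers = [dns]
        for ans in answers:
            if ans.get("rrtype") in ("A", "AAAA"):
                names[ans["rdata"]].add(ans.get("rrname", dns.get("rrname", "")))
    return names


def triage(records):
    """One summary per alert, enriched with the http/tls/fileinfo records of
    the same flow_id and with the DNS names that resolved to the destination."""
    by_flow = defaultdict(list)
    for rec in records:
        if "flow_id" in rec:
            by_flow[rec["flow_id"]].append(rec)
    names = dns_answers(records)
    summaries = []
    for rec in records:
        if rec.get("event_type") != "alert":
            continue
        alert = rec["alert"]
        same_flow = [r for r in by_flow[rec["flow_id"]] if r is not rec]
        http = next((r["http"] for r in same_flow if r.get("event_type") == "http"), None)
        tls = next((r["tls"] for r in same_flow if r.get("event_type") == "tls"), None)
        files = [r["fileinfo"] for r in same_flow if r.get("event_type") == "fileinfo"]
        summaries.append({
            "timestamp": rec["timestamp"],
            "flow_id": rec["flow_id"],
            "signature_id": alert["signature_id"],
            "signature": alert["signature"],
            "severity": alert.get("severity"),
            "blocked": alert.get("action") == "blocked",  # "allowed" in IDS mode
            "src": f'{rec["src_ip"]}:{rec.get("src_port", "")}',
            "dest": f'{rec["dest_ip"]}:{rec.get("dest_port", "")}',
            "dest_names": sorted(names.get(rec["dest_ip"], ())),
            "url": (http or {}).get("url"),
            "user_agent": (http or {}).get("http_user_agent"),
            "sni": (tls or {}).get("sni"),
            "files": [(f.get("filename"), f.get("sha256")) for f in files],
        })
    return summaries


if __name__ == "__main__":
    for summary in triage(parse_eve(SAMPLE_EVE)):
        print(json.dumps(summary, indent=2))
```

Point parse_eve at a real eve.json (for example the log directory written by suricata -r capture.pcap -l outdir -S local.rules) and the same join works unchanged; the key field is flow_id, which Suricata stamps on every record belonging to a flow, so no IP/port tuple matching is needed. The truncated-line handling matters in practice: a strict parser aborting on the partial last line of a rotated log drops the whole batch.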
Details
- Category: 🌐 Network Recon
- Language: C/Rust
- Repository: OISF/suricata
- License: GPL-2.0
- Platforms: 🐧 linux · 🍎 macos · 🪟 windows
Alternatives & Comparisons
Nmap
C/C++ · The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.
Compare Suricata vs Nmap
Wireshark
C/C++ · The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.
Compare Suricata vs Wireshark
Zeek
C++ · Network analysis framework (formerly Bro). Deep packet inspection, protocol analysis, and security monitoring at scale.
Compare Suricata vs Zeek
Arkime
JavaScript/C · Full packet capture and search system (formerly Moloch). Indexed network traffic with a web UI for hunting and forensics.
Compare Suricata vs Arkime
Sigma
Python/YAML · Generic detection rule format. Write once, convert to Splunk, Elasticsearch, QRadar, and 30+ SIEM backends.
Compare Suricata vs Sigma
CrowdSec
Go · Collaborative open-source IPS with crowd-sourced threat intelligence sharing.
Compare Suricata vs CrowdSec
More in Network Recon
Nmap
C/C++ · The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.
Masscan
C · Internet-scale port scanner. Transmits 10 million packets per second. Asynchronous, stateless scanning.
RustScan
Rust · Blazing fast port scanner that pipes into Nmap. Scans all 65k ports in 3 seconds flat.
Shodan CLI
Python · Command-line interface for Shodan, the search engine for internet-connected devices.
Wireshark
C/C++ · The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.
Responder
Python · LLMNR/NBT-NS/mDNS poisoner and rogue authentication server. Captures NTLMv1/v2 hashes on the network.