EN
ENNA

Suricata

GPL-2.0

๐ŸŒ Network Recon ยท C/Rust

Suricata is a high-performance Network IDS, IPS, and Network Security Monitoring engine developed by the Open Information Security Foundation (OISF). It inspects network traffic using rules (compatible with Snort rules) and protocol analysis to detect threats including intrusion attempts, malware communication, policy violations, and data exfiltration. Suricata's multi-threaded architecture takes full advantage of modern multi-core hardware, achieving inspection speeds that single-threaded alternatives cannot match. Beyond IDS/IPS alerting, Suricata provides comprehensive protocol logging (HTTP, DNS, TLS, SMB, and more), file extraction from network traffic, and Lua scripting for custom detection logic. It supports AF_PACKET, PF_RING, and DPDK for high-speed packet acquisition, and outputs structured JSON logs (EVE format) that integrate cleanly with Elasticsearch, Splunk, and other SIEM platforms.

6.1kstars
1.7kforks
72issues
Updated 4d ago
View on GitHubOfficial WebsiteDocumentation

Installation

apt (Debian/Ubuntu)

$ sudo apt install suricata

brew (macOS)

$ brew install suricata

from source

$ git clone https://github.com/OISF/suricata && cd suricata && ./configure && make && sudo make install

Use Cases

  • Inline intrusion prevention with multi-gigabit throughput on multi-core hardware
  • Detecting malware C2 communication, exploits, and policy violations with rules
  • Protocol-level logging of HTTP, DNS, TLS, and SMB traffic in structured JSON
  • Extracting files transferred over the network for sandboxing and analysis
  • Deploying as a network security monitoring sensor alongside Zeek and Arkime

Tags

idsipsnetwork-monitoringmulti-threadedsnort-rulesprotocol-loggingcybersecurityintrusion-detection-systemintrusion-prevention-systemnetwork-monitornsmsecuritysuricatathreat-hunting

Details

Category
๐ŸŒ Network Recon
Language
C/Rust
Repository
OISF/suricata
License
GPL-2.0
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/OISF/suricata

Official Website

suricata.io

Documentation

docs.suricata.io

Releases

github.com/OISF/suricata/releases

Issues

github.com/OISF/suricata/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Nmap

C/C++

The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.

Compare Suricata vs Nmap

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

Compare Suricata vs Wireshark

Zeek

C++

Network analysis framework (formerly Bro). Deep packet inspection, protocol analysis, and security monitoring at scale.

Compare Suricata vs Zeek

Arkime

JavaScript/C

Full packet capture and search system (formerly Moloch). Indexed network traffic with a web UI for hunting and forensics.

Compare Suricata vs Arkime

Sigma

Python/YAML

Generic detection rule format. Write once, convert to Splunk, Elasticsearch, QRadar, and 30+ SIEM backends.

Compare Suricata vs Sigma

More in Network Recon

Nmap

C/C++

The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.

port-scanservice-detectionos-fingerprint

Masscan

C

Internet-scale port scanner. Transmits 10 million packets per second. Asynchronous, stateless scanning.

port-scanhigh-speedinternet-scale

RustScan

Rust

Blazing fast port scanner that pipes into Nmap. Scans all 65k ports in 3 seconds flat.

port-scanfastnmap-integration

Shodan CLI

Python

Command-line interface for Shodan, the search engine for internet-connected devices.

iotsearch-engineinternet-scan

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

packet-captureprotocol-analysisgui

Responder

Python

LLMNR/NBT-NS/mDNS poisoner and rogue authentication server. Captures NTLMv1/v2 hashes on the network.

ntlmpoisoncredential-capture