awesome-suricata

Suricata toolkit

A curated collection of tools and libraries supporting the Suricata intrusion detection/prevention system

A curated list of awesome things related to Suricata

GitHub: 139 stars, 6 watching, 11 forks, last commit 10 months ago. Linked from 1 awesome list.

Tags: awesome, awesome-list, ids, ips, lists, nsm, suricata

Awesome Suricata / Input Tools

PacketStreamer 1,891 about 1 year ago Distributed tcpdump for cloud native environments

Awesome Suricata / Output Tools

suricata-kafka-output 14 almost 4 years ago Suricata Eve Kafka Output Plugin for Suricata 6
suricata-redis-output 7 over 3 years ago Suricata Eve Redis Output Plugin for Suricata 7
Meer 28 about 2 years ago Meer is a "spooler" for Suricata / Sagan
FEVER 51 about 1 year ago Fast, extensible, versatile event router for Suricata's EVE-JSON format
Suricata-Logstash-Templates 80 over 9 years ago Templates for Kibana/Logstash to use with Suricata IDPS
Lilith 1 almost 3 years ago Reads EVE files into SQL and searches the stored data

Awesome Suricata / Operations, Monitoring and Troubleshooting

slinkwatch 11 over 5 years ago Automatic enumeration and maintenance of Suricata monitoring interfaces
suri-stats 28 almost 10 years ago A tool to work on Suricata files
Mauerspecht 3 about 6 years ago Simple Probing Tool for Corporate Walled Garden Networks
ansible-suricata 1 about 7 years ago Suricata Ansible role (slightly outdated)
MassDeploySuricata 9 over 10 years ago Mass deploy and update Suricata IDPS using Ansible IT automation platform
docker-suricata 269 9 months ago Suricata Docker image
Suricata-Monitoring 0 about 1 year ago LibreNMS JSON / Nagios monitor for Suricata stats
Terraform Module for Suricata 9 about 3 years ago Terraform module to set up Google Cloud packet mirroring and send the mirrored packets to Suricata
InfluxDB Suricata Input Plugin 14,974 9 months ago Input Plugin for Telegraf to collect and forward Suricata logs (included out of the box in recent Telegraf releases)
suricata_exporter 19 11 months ago Simple Prometheus exporter written in Go that exports stats metrics scraped from the Suricata socket

Awesome Suricata / Programming Libraries and Toolkits

rust-suricatax-rule-parser 9 over 1 year ago Experimental Suricata Rule Parser in Rust
go-suricata 12 about 5 years ago Go client for Suricata (interacting via socket)
gonids 180 over 2 years ago Go library to parse intrusion detection rules for engines like Snort and Suricata
surevego 14 over 6 years ago Suricata EVE-JSON parser in Go
suricataparser 29 over 1 year ago Pure python parser for Snort/Suricata rules
py-idstools 279 almost 2 years ago Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

Awesome Suricata / Dashboards and Templates

KTS 33 about 9 years ago Kibana 4 Templates for Suricata IDPS Threat Hunting
KTS5 43 over 7 years ago Kibana 5 Templates for Suricata IDPS Threat Hunting
KTS6 24 over 6 years ago Kibana 6 Templates for Suricata IDPS Threat Hunting
KTS7 40 almost 3 years ago Kibana 7 Templates for Suricata IDPS Threat Hunting

Awesome Suricata / Development Tools

Suricata Language Server 66 10 months ago Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax checking, hints and auto-completion to your preferred editor once configured
suricata-ls-vscode 3 over 3 years ago Suricata IntelliSense Extension using the Suricata Language Server
suricata-highlight-vscode 12 over 3 years ago Suricata Rules Support for Visual Studio Code (syntax highlighting, etc.)
SublimeSuricata 35 over 1 year ago Basic Suricata syntax highlighter for Sublime Text

Awesome Suricata / Documentation and Guides

SEPTun 204 over 7 years ago Suricata Extreme Performance Tuning guide
SEPTun-Mark-II 114 over 7 years ago Suricata Extreme Performance Tuning guide - Mark II
suricata-4-analysts 53 over 1 year ago The Security Analyst's Guide to Suricata
Suricata Community Style Guide 7 about 1 year ago A collaborative document to collect style guidelines from the community of rule writers

Awesome Suricata / Analysis Tools

Suricata Analytics 29 10 months ago Various resources that are useful when interacting with Suricata data
Malcolm 2,001 10 months ago A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts
Evebox 433 9 months ago Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

Awesome Suricata / Rule Sets

nids-rule-library 22 about 2 years ago Collection of various open-source and commercial rulesets
Stamus Lateral Movement Detection Rules Suricata ruleset to detect lateral movement
QuadrantSec Suricata Rules 5 over 2 years ago QuadrantSec Suricata rules
Cluster25/detection 13 over 1 year ago Cluster25's detection rules

Awesome Suricata / Rule Sets / Networkforensic.dk (NF) rule sets:

NF IDS rules
NF SCADA IDS Rules
NF Scanners IDS Rules

Awesome Suricata / Rule Sets

Quantum Insert detection for Suricata 212 over 6 years ago Suricata rules accompanying Fox-IT's QUANTUM 2015 blog/BroCon talk
Hunting rules 154 9 months ago Suricata IDS alert rules for network anomaly detection from Travis Green
3CORESec NIDS - Lateral Movement Suricata ruleset focusing on lateral movement techniques (paid)
3CORESec NIDS - Sinkholes Suricata ruleset focused on a curated list of public malware sinkholes (free)
PAW Patrules Another free (CC BY-NC-SA) collection of rules for the Suricata engine
opnsense-suricata-nmaps 59 over 1 year ago OPNSense's Suricata IDS/IPS Detection Rules Against NMAP Scans
Antiphishing 3 11 months ago Suricata rules and datasets to detect phishing attacks

Awesome Suricata / Rule/Security Content Management and Handling

sidallocation.org Sid Allocation working group, list of SID ranges
Scirius 636 9 months ago Web application for Suricata ruleset management and threat hunting
IOCmite 37 almost 3 years ago Tool to create a Suricata dataset from the indicators of MISP instances and to add sightings in MISP when an indicator in the dataset generates an alert
luaevilbit 2 almost 13 years ago An Evil Bit implementation in LuaJIT for Suricata
Lawmaker Suricata IDS rule and fleet management system
surify-cli 3 about 4 years ago Generate Suricata rules from a collection of IOCs (JSON, CSV or flags) based on your Suricata template
suricata-prettifier 13 almost 6 years ago Command-line tool to format and syntax highlight Suricata rules
OTX-Suricata 107 over 1 year ago Create rules and configuration for Suricata to alert on indicators from an OTX account
Aristotle 36 10 months ago Simple Python program that allows for the filtering and modifying of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule

Awesome Suricata / Plugins and Extensions

suricata-zabbix 1 10 months ago Zabbix application layer plugin for Suricata

Awesome Suricata / Systems Using Suricata

SELKS 1,492 about 1 year ago A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution
Amsterdam 184 almost 3 years ago Docker-based Suricata, Elasticsearch, Logstash, Kibana and Scirius, aka SELKS
pfSense A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality
OPNsense An open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform

Awesome Suricata / Training

Experimental Suricata Training Environment 6 over 1 year ago Experimental Suricata Training Environment
CDMCS 100 about 1 year ago Cyber Defence Monitoring Course: Rule-based Threat Detection

Awesome Suricata / Simulation and Testing

Leonidas 535 9 months ago Automated Attack Simulation in the Cloud, complete with detection use cases
speeve 8 over 1 year ago Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications
Dalton 460 9 months ago Suricata and Snort IDS rule and pcap testing system

Awesome Suricata / Data Sets

suricata-sample-data 31 over 6 years ago Repository for creating different example Suricata data sets

Awesome Suricata / Misc

Suriwire 92 almost 4 years ago Wireshark plugin to display Suricata analysis info
bash_cata 9 over 1 year ago A simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an IP address to the MikroTik Address Lists for a specified time for subsequent blocking
suriGUI 13 almost 3 years ago GUI for Suricata + Qubes OS
