awesome-suricata
Suricata toolkit
A curated collection of tools and libraries supporting the Suricata intrusion detection/prevention system
A curated list of awesome things related to Suricata
134 stars
6 watching
11 forks
last commit: 7 days ago
Linked from 1 awesome list
Topics: awesome, awesome-list, ids, ips, lists, nsm, suricata
Awesome Suricata / Input Tools | |||
PacketStreamer | 1,885 | 5 months ago | Distributed tcpdump for cloud native environments |
Awesome Suricata / Output Tools | |||
suricata-kafka-output | 14 | almost 3 years ago | Suricata Eve Kafka Output Plugin for Suricata 6 |
suricata-redis-output | 7 | over 2 years ago | Suricata Eve Redis Output Plugin for Suricata 7 |
Meer | 28 | over 1 year ago | Meer is a "spooler" for Suricata / Sagan |
FEVER | 50 | 5 months ago | Fast, extensible, versatile event router for Suricata's EVE-JSON format |
Suricata-Logstash-Templates | 80 | over 8 years ago | Templates for Kibana/Logstash to use with Suricata IDPS |
Lilith | 1 | almost 2 years ago | Reads EVE files into SQL as well as search stored data |
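Every tool in this section consumes Suricata's EVE output: one JSON object per line, with an event_type field telling you whether the record is an alert, a flow, a protocol log or a stats dump. As an added example that is not part of FEVER, Meer, Lilith or any other listed project, the Python block below parses an EVE stream, keeps the alert events, routes them by severity and derives an expiring firewall blocklist of the kind bash_cata (under Misc) pushes to MikroTik. The sample EVE lines are constructed for the example; the HOME_NET ranges, the severity-to-sink mapping and the blocklist TTL are assumptions.

```python
"""Route Suricata EVE-JSON alerts by severity and derive a firewall blocklist.

Added example, not code from FEVER, Meer, bash_cata or any other listed project.
EVE is newline-delimited JSON; a consumer tailing eve.json must cope with a
partially written last line, events of other types and alerts that lack optional
app-layer sections, without dying on any of them.
"""
import ipaddress
import json
from collections import Counter
from typing import Any, Dict, Iterable, List, Tuple

# Constructed sample: a flow record, two alerts, and a truncated trailing line
# of the kind seen when the file is read while Suricata is still writing it.
SAMPLE_EVE = r'''
{"timestamp":"2024-05-01T10:00:00.000000+0000","flow_id":0,"event_type":"flow","src_ip":"10.0.0.5","src_port":51233,"dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP"}
{"timestamp":"2024-05-01T10:00:01.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":2,"signature":"EXAMPLE HTTP beacon","category":"Malware Command and Control Activity Detected","severity":1,"metadata":{"tag":["c2"]}},"http":{"hostname":"bad.example","url":"/gate.php"}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.6","src_port":4000,"dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000002,"rev":1,"signature":"EXAMPLE SSH scan","category":"Attempted Information Leak","severity":3}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","dest_ip":"203.0.113.
'''

Alert = Dict[str, Any]
# HOME_NET as set in suricata.yaml; the RFC 1918 ranges are an assumption here.
HOME_NET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Suricata severity 1 is the most severe (it is the classtype priority). Which
# sink gets which level is an assumption; FEVER or Meer make this configurable.
SINK_FOR_SEVERITY = {1: "page", 2: "ticket", 3: "log", 4: "log"}


def in_home_net(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NET)


def normalise(ev: Dict[str, Any]) -> Alert:
    """Flatten the fields a SIEM or blocker needs. Sections such as "http" only
    exist when the alert fired on that protocol, so look them up defensively."""
    a = ev["alert"]
    return {
        "ts": ev["timestamp"],
        "flow_id": ev.get("flow_id"),
        "sid": a["signature_id"],
        "rev": a.get("rev", 0),
        "msg": a["signature"],
        "category": a.get("category", ""),
        "severity": a.get("severity", 3),
        "src": ev["src_ip"],
        "dst": ev["dest_ip"],
        "dport": ev.get("dest_port"),
        "tags": a.get("metadata", {}).get("tag", []),
        "http_host": ev.get("http", {}).get("hostname"),
    }


def iter_alerts(lines: Iterable[str]) -> Tuple[List[Alert], Counter]:
    """Parse EVE lines; return normalised alerts plus counts of what was skipped."""
    alerts: List[Alert] = []
    stats: Counter = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            stats["malformed"] += 1  # keep going; the writer may be mid-line
            continue
        event_type = ev.get("event_type")
        if event_type != "alert":
            stats[f"skipped_{event_type}"] += 1
            continue
        alerts.append(normalise(ev))
        stats["alert"] += 1
    return alerts, stats


def route(alerts: Iterable[Alert]) -> Dict[str, List[Alert]]:
    """Fan alerts out to sinks by severity; unknown severities go to the log sink."""
    routed: Dict[str, List[Alert]] = {}
    for a in alerts:
        routed.setdefault(SINK_FOR_SEVERITY.get(a["severity"], "log"), []).append(a)
    return routed


def blocklist_candidates(alerts: Iterable[Alert], max_severity: int = 1,
                         ttl_s: int = 3600) -> Dict[str, int]:
    """Addresses a firewall should block, each with an expiry in seconds. Only
    the peer outside HOME_NET is chosen: pushing internal addresses from an
    alert feed into a blocklist is a self-inflicted denial of service."""
    candidates: Dict[str, int] = {}
    for a in alerts:
        if a["severity"] > max_severity:
            continue
        for ip in (a["src"], a["dst"]):
            if not in_home_net(ip):
                candidates[ip] = ttl_s
    return candidates
```

The malformed-line counter matters in practice: a reader that follows eve.json will regularly see a line cut mid-object, and the right response is to keep going (or buffer until the newline arrives), not to abort or drop the rest of the file. Expiring blocklist entries, as bash_cata does with MikroTik address-list timeouts, keeps a single false positive from becoming a permanent outage.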
Awesome Suricata / Operations, Monitoring and Troubleshooting | |||
slinkwatch | 11 | almost 5 years ago | Automatic enumeration and maintenance of Suricata monitoring interfaces |
suri-stats | 28 | about 9 years ago | A tool to work with Suricata stats files (stats.log) |
Mauerspecht | 3 | over 5 years ago | Simple Probing Tool for Corporate Walled Garden Networks |
ansible-suricata | 1 | over 6 years ago | Suricata Ansible role (slightly outdated) |
MassDeploySuricata | 9 | almost 10 years ago | Mass deploy and update Suricata IDPS using Ansible IT automation platform |
docker-suricata | 263 | 15 days ago | Suricata Docker image |
Suricata-Monitoring | 0 | 6 months ago | LibreNMS JSON / Nagios monitor for Suricata stats |
Terraform Module for Suricata | 9 | over 2 years ago | Terraform module to setup Google Cloud packet mirroring and send packets to Suricata |
InfluxDB Suricata Input Plugin | 14,693 | 7 days ago | Input Plugin for Telegraf to collect and forward Suricata logs (included out of the box in recent Telegraf releases) |
suricata_exporter | 19 | about 1 month ago | Simple Prometheus exporter written in Go that exposes the stats counters read from the Suricata unix command socket |
Awesome Suricata / Programming Libraries and Toolkits | |||
rust-suricatax-rule-parser | 9 | 7 months ago | Experimental Suricata Rule Parser in Rust |
go-suricata | 12 | about 4 years ago | Go client for the Suricata unix command socket |
gonids | 180 | almost 2 years ago | Go library to parse intrusion detection rules for engines like Snort and Suricata |
surevego | 14 | over 5 years ago | Suricata EVE-JSON parser in Go |
suricataparser | 27 | 8 months ago | Pure python parser for Snort/Suricata rules |
py-idstools | 276 | about 1 year ago | Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool) |
Awesome Suricata / Dashboards and Templates | |||
KTS | 33 | over 8 years ago | Kibana 4 Templates for Suricata IDPS Threat Hunting |
KTS5 | 43 | over 6 years ago | Kibana 5 Templates for Suricata IDPS Threat Hunting |
KTS6 | 25 | over 5 years ago | Kibana 6 Templates for Suricata IDPS Threat Hunting |
KTS7 | 39 | about 2 years ago | Kibana 7 Templates for Suricata IDPS Threat Hunting |
Awesome Suricata / Development Tools | |||
Suricata Language Server | 64 | 7 days ago | An implementation of the Language Server Protocol for Suricata signatures; once configured it adds syntax checking, hints and auto-completion to your preferred editor |
suricata-ls-vscode | 3 | almost 3 years ago | Suricata IntelliSense Extension using the Suricata Language Server |
suricata-highlight-vscode | 12 | over 2 years ago | Suricata Rules Support for Visual Studio Code (syntax highlighting, etc) |
SublimeSuricata | 35 | 12 months ago | Basic Suricata syntax highlighter for Sublime Text |
Awesome Suricata / Documentation and Guides | |||
SEPTun | 204 | over 6 years ago | Suricata Extreme Performance Tuning guide |
SEPTun-Mark-II | 113 | over 6 years ago | Suricata Extreme Performance Tuning guide - Mark II |
suricata-4-analysts | 52 | 6 months ago | The Security Analyst's Guide to Suricata |
Suricata Community Style Guide | 7 | 5 months ago | A collaborative document to collect style guidelines from the community of rule writers |
Awesome Suricata / Analysis Tools | |||
Suricata Analytics | 27 | 3 days ago | Various resources that are useful when interacting with Suricata data |
Malcolm | 1,962 | 7 days ago | A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts |
Evebox | 431 | 9 days ago | Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search |
Awesome Suricata / Rule Sets | |||
nids-rule-library | 20 | over 1 year ago | Collection of various open-source and commercial rulesets |
Stamus Lateral Movement Detection Rules | | | Suricata ruleset to detect lateral movement |
QuadrantSec Suricata Rules | 5 | over 1 year ago | QuadrantSec Suricata rules |
Cluster25/detection | 13 | 10 months ago | Cluster25's detection rules |
Awesome Suricata / Rule Sets / Networkforensic.dk (NF) rule sets | |||
NF IDS rules | |||
NF SCADA IDS Rules | |||
NF Scanners IDS Rules | |||
Awesome Suricata / Rule Sets | |||
Quantum Insert detection for Suricata | 213 | almost 6 years ago | Suricata rules accompanying Fox-IT's QUANTUM 2015 blog/BroCon talk |
Hunting rules | 153 | 3 months ago | Suricata IDS alert rules for network anomaly detection from Travis Green |
3CORESec NIDS - Lateral Movement | | | Suricata ruleset focusing on lateral movement techniques (paid) |
3CORESec NIDS - Sinkholes | | | Suricata ruleset focused on a curated list of public malware sinkholes (free) |
PAW Patrules | | | Another free (CC BY-NC-SA) collection of rules for the Suricata engine |
opnsense-suricata-nmaps | 52 | 6 months ago | OPNSense's Suricata IDS/IPS Detection Rules Against NMAP Scans |
Antiphishing | 2 | about 1 month ago | Suricata rules and datasets to detect phishing attacks |
Awesome Suricata / Rule/Security Content Management and Handling | |||
sidallocation.org | | | SID Allocation working group, list of SID ranges |
Scirius | 635 | 8 days ago | Web application for Suricata ruleset management and threat hunting |
IOCmite | 37 | about 2 years ago | Tool to build Suricata datasets from the indicators of MISP instances, and to add sightings in MISP when a dataset indicator generates an alert |
luaevilbit | 2 | almost 12 years ago | An evil bit (RFC 3514) implementation in LuaJIT for Suricata |
Lawmaker | | | Suricata IDS rule and fleet management system |
surify-cli | 3 | over 3 years ago | Generate suricata-rules from collection of IOCs (JSON, CSV or flags) based on your suricata template |
suricata-prettifier | 13 | almost 5 years ago | Command-line tool to format and syntax highlight Suricata rules |
OTX-Suricata | 107 | 7 months ago | Create rules and configuration for Suricata to alert on indicators from an OTX account |
Aristotle | 36 | 19 days ago | Simple Python program to filter and modify Suricata and Snort rulesets based on the key-value pairs carried in each rule's metadata keyword |
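Aristotle, surify-cli, OTX-Suricata and the rule parsers under Programming Libraries (gonids, suricataparser, py-idstools) all rest on the same two operations: splitting a rule into its header and options without tripping over a ';' inside a quoted content or pcre value, and reading the metadata keyword as key-value pairs. As an added example, not the code of any of those projects, the Python block below implements both, applies an Aristotle-style enable/disable policy keyed on signature_severity, and generates a dns.query rule from an IOC domain the way an IOC-to-rule tool would. The sample rules, the policy values and the ioc_domain metadata key are constructed for the example; the sids sit in the 1000000-1999999 range conventionally kept for local rules.

```python
"""Parse, filter and generate Suricata rules (added example; not the code of
gonids, suricataparser, py-idstools, Aristotle or surify-cli). A ';' inside a
quoted value is not a separator, flag options carry no value, bracketed address
lists stay whole, and the metadata keyword becomes a key -> values map that
drives selection and enable/disable policy."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ACTIONS = {"alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth"}
# action proto src sport dir dst dport (options); [...] lists may contain spaces.
HEADER_RE = re.compile(r"^(\w+)\s+(\S+)\s+(\[[^\]]*\]|\S+)\s+(\[[^\]]*\]|\S+)\s+(->|<>)"
                       r"\s+(\[[^\]]*\]|\S+)\s+(\[[^\]]*\]|\S+)\s*\((.*)\)\s*$")

SAMPLE_RULES = r'''
# constructed sample ruleset for this example; comment lines like this one are skipped; sids are from the local 1000000-1999999 range
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE HTTP beacon; semicolon inside quotes"; flow:established,to_server; http.uri; content:"/gate.php"; nocase; classtype:trojan-activity; sid:1000001; rev:2; metadata:deployment Perimeter, signature_severity Major, attack_target Client_Endpoint;)
#alert tcp [10.0.0.0/8, !10.0.0.5] any -> any 22 (msg:"EXAMPLE SSH scan"; flags:S; threshold:type threshold, track by_src, count 20, seconds 60; classtype:attempted-recon; sid:1000002; rev:1; metadata:deployment Internal, signature_severity Minor;)
alert tls any any -> any any (msg:"EXAMPLE escaped quote in pcre"; pcre:"/foo\"bar/"; sid:1000003; rev:1; metadata:deployment Perimeter, signature_severity Informational;)
'''


@dataclass
class Rule:
    enabled: bool
    action: str
    proto: str
    src: str
    src_port: str
    direction: str
    dst: str
    dst_port: str
    options: List[Tuple[str, Optional[str]]]  # ("nocase", None) for flag keywords

    def option(self, key: str) -> Optional[str]:
        return next((v for k, v in self.options if k == key), None)

    @property
    def metadata(self) -> Dict[str, List[str]]:
        """metadata:key value, key value; -> {key: [value, ...]}; keys may repeat."""
        md: Dict[str, List[str]] = {}
        for pair in (self.option("metadata") or "").split(","):
            parts = pair.strip().split(None, 1)
            if len(parts) == 2:
                md.setdefault(parts[0], []).append(parts[1].strip())
        return md

    def render(self) -> str:
        head = f"{self.action} {self.proto} {self.src} {self.src_port} {self.direction} {self.dst} {self.dst_port}"
        body = " ".join(f"{k}:{v};" if v is not None else f"{k};" for k, v in self.options)
        return ("" if self.enabled else "#") + f"{head} ({body})"


def _split_options(body: str) -> List[Tuple[str, Optional[str]]]:
    """Split 'k:v; k; ...' on ';' outside double quotes, honouring backslash escapes."""
    opts, cur, in_quote, escaped = [], "", False, False
    for ch in body:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == '"':
            cur, in_quote = cur + ch, not in_quote
        elif ch == ";" and not in_quote:
            key, sep, val = cur.strip().partition(":")
            opts.append((key.strip(), val.strip() if sep else None))
            cur = ""
        else:
            cur += ch
    if cur.strip():
        raise ValueError(f"option not terminated by ';': {cur.strip()!r}")
    return opts


def parse_rule(line: str) -> Optional[Rule]:
    """One rule line; a leading '#' marks it disabled. None for blanks and comments."""
    text = line.strip()
    m = HEADER_RE.match(text.lstrip("# "))
    if not m or m.group(1) not in ACTIONS:
        return None
    return Rule(not text.startswith("#"), *m.groups()[:7], _split_options(m.group(8)))


def load_rules(text: str) -> List[Rule]:
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]


def select(rules: List[Rule], key: str, value: str) -> List[Rule]:
    """Rules whose metadata key carries the value (the Aristotle-style filter)."""
    return [r for r in rules if value in r.metadata.get(key, [])]


def apply_policy(rules: List[Rule], key: str, allowed: set) -> List[str]:
    """Enable rules whose metadata key has an allowed value, disable the rest,
    and return the ruleset as text lines ready to write to a .rules file."""
    for r in rules:
        r.enabled = bool(set(r.metadata.get(key, [])) & allowed)
    return [r.render() for r in rules]


def dns_rule_from_domain(domain: str, sid: int, source: str = "ioc_feed") -> Rule:
    """IOC domain -> dns.query rule. dotprefix plus endswith makes ".bad.example"
    match bad.example and its subdomains but not notbad.example. The ioc_domain
    metadata key is this example's own convention, not a standard one."""
    return Rule(True, "alert", "dns", "$HOME_NET", "any", "->", "any", "any", [
        ("msg", f'"IOC DNS query for {domain}"'), ("dns.query", None), ("dotprefix", None),
        ("content", f'".{domain}"'), ("nocase", None), ("endswith", None),
        ("classtype", "trojan-activity"), ("sid", str(sid)), ("rev", "1"),
        ("metadata", f"source {source}, ioc_domain {domain}")])
```

dotprefix with endswith is the idiomatic way to match a domain and all of its subdomains on dns.query; a bare content:"bad.example" would also fire on notbad.example. When generated rules go into production, keep them in their own file and allocate sids from a range you own (see sidallocation.org above) so they never collide with a vendor feed, and bump rev whenever the generator changes a rule's body.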
Awesome Suricata / Plugins and Extensions | |||
suricata-zabbix | 1 | 8 days ago | Zabbix application layer plugin for Suricata |
Awesome Suricata / Systems Using Suricata | |||
SELKS | 1,479 | 3 months ago | A Suricata-based IDS/IPS/NSM distribution |
Amsterdam | 184 | about 2 years ago | Docker-based Suricata, Elasticsearch, Logstash, Kibana and Scirius stack (SELKS) |
pfSense | | | A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality |
OPNsense | | | An open source, easy-to-use and easy-to-build FreeBSD-based firewall and routing platform |
Awesome Suricata / Training | |||
Experimental Suricata Training Environment | 6 | 9 months ago | Experimental Suricata Training Environment |
CDMCS | 100 | 6 months ago | Cyber Defence Monitoring Course: Rule-based Threat Detection |
Awesome Suricata / Simulation and Testing | |||
Leonidas | 485 | 3 months ago | Automated Attack Simulation in the Cloud, complete with detection use cases |
speeve | 8 | 7 months ago | Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications |
Dalton | 451 | 6 days ago | Suricata and Snort IDS rule and pcap testing system |
Awesome Suricata / Data Sets | |||
suricata-sample-data | 32 | almost 6 years ago | Repository for creating various example Suricata data sets |
Awesome Suricata / Misc | |||
Suriwire | 91 | about 3 years ago | Wireshark plugin to display Suricata analysis info |
bash_cata | 9 | 8 months ago | A simple script that processes Suricata's eve-log in real time and, based on alerts, adds the IP address to a MikroTik address list for a specified time so the router can block it |
suriGUI | 13 | about 2 years ago | GUI for Suricata + Qubes OS |