Awesome Suricata
Curated list of awesome things related to Suricata.
Suricata is a free intrusion detection/prevention system (IDS/IPS) and network security monitoring engine.
Contents
- suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.
- suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.
- Meer - Meer is a "spooler" for Suricata / Sagan.
- FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.
- Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.
- Lilith - Reads EVE files into SQL as well as search stored data.
Operations, Monitoring and Troubleshooting
- slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.
- suri-stats - A tool to work on the Suricata stats.log file.
- Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.
- ansible-suricata - Suricata Ansible role (slightly outdated).
- MassDeploySuricata - Mass deploy and update Suricata IDPS using the Ansible IT automation platform.
- docker-suricata - Suricata Docker image.
- Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.
- Terraform Module for Suricata - Terraform module to set up Google Cloud packet mirroring and send packets to Suricata.
- InfluxDB Suricata Input Plugin - Input Plugin for Telegraf to collect and forward Suricata stats logs (included out of the box in recent Telegraf releases).
- suricata_exporter - Simple Prometheus exporter written in Go exporting stats metrics scraped from the Suricata socket.
- rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.
- go-suricata - Go Client for Suricata (interacting via socket).
- gonids - Go library to parse intrusion detection rules for engines like Snort and Suricata.
- surevego - Suricata EVE-JSON parser in Go.
- suricataparser - Pure Python parser for Snort/Suricata rules.
- py-idstools - Snort and Suricata Rule and Event Utilities in Python (including a rule update tool).
Dashboards and Templates
- KTS - Kibana 4 Templates for Suricata IDPS Threat Hunting.
- KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting.
- KTS6 - Kibana 6 Templates for Suricata IDPS Threat Hunting.
- KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting.
- Suricata Language Server - Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax checking, hints and auto-completion to your preferred editor once it is configured.
- suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.
- suricata-highlight-vscode - Suricata Rules Support for Visual Studio Code (syntax highlighting, etc.).
- SublimeSuricata - Basic Suricata syntax highlighter for Sublime Text.
Documentation and Guides
- Suricata Analytics - Various resources that are useful when interacting with Suricata data.
- Malcolm - A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
- Evebox - Web-based Event Viewer (GUI) for Suricata EVE events in Elasticsearch.
Rule Sets
Rule/Security Content Management and Handling
- sidallocation.org - Sid Allocation working group, list of SID ranges.
- Scirius - Web application for Suricata ruleset management and threat hunting.
- IOCmite - Tool to create a Suricata dataset from the indicators of MISP instances and add sightings in MISP if an indicator of the dataset generates an alert.
- luaevilbit - An Evil bit implementation in LuaJIT for Suricata.
- Lawmaker - Suricata IDS rule and fleet management system.
- surify-cli - Generate Suricata rules from a collection of IOCs (JSON, CSV or flags) based on your Suricata template.
- suricata-prettifier - Command-line tool to format and syntax highlight Suricata rules.
- OTX-Suricata - Create rules and configuration for Suricata to alert on indicators from an OTX account.
- Aristotle - Simple Python program that allows for the filtering and modifying of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule.
Systems Using Suricata
- SELKS - A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution.
- Amsterdam - Docker-based Suricata, Elasticsearch, Logstash, Kibana, Scirius, aka SELKS.
- pfSense - A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality.
- OPNsense - An open source, easy-to-use and easy-to-build FreeBSD-based firewall and routing platform.
Training
Simulation and Testing
- Leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
- speeve - Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications.
- Dalton - Suricata and Snort IDS rule and pcap testing system.
Data Sets
Misc
- Suriwire - Wireshark plugin to display Suricata analysis info.
- bash_cata - A simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an IP address to the MikroTik Address Lists for a specified time for subsequent blocking.
- suriGUI - GUI for Suricata + Qubes OS.