Suricata: Open-source network analysis and threat detection
Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine.

Suricata features

Suricata offers comprehensive capabilities for network security monitoring (NSM), including logging HTTP requests, capturing and storing TLS certificates, and extracting files from network flows for disk storage. Its support for full packet capture (pcap) simplifies in-depth traffic analysis.

TLS/SSL logging and analysis: With Suricata’s powerful TLS parser, you can inspect most aspects of SSL/TLS exchanges directly through its ruleset language. Additionally, Suricata logs all key exchanges, enabling thorough analysis to ensure your network isn’t vulnerable to compromised certificate authorities.

HTTP logging: Instead of adding extra hardware to monitor HTTP activity, Suricata captures and logs all HTTP connections on any port, storing them for later analysis—an efficient use of your existing IDS.

DNS logging: Suricata logs all DNS queries and responses, offering complete visibility into domain name resolution activity across your network.
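Added example (not part of the original page or the Suricata project): the TLS and DNS logging described above is only useful with analysis on top of it, so this script reads Suricata's EVE JSON log lines (the engine's standard JSON output, assumed here rather than described on the page), keeps the `tls` events, and flags certificates presented for a monitored server name by an issuer outside an expected-issuer policy, which is one concrete way to spot a mis-issued or rogue-CA certificate. The log lines, the expected-issuer table and the reference time are all constructed.

```python
import json
from datetime import datetime

# Constructed sample EVE JSON lines (one JSON object per line), not real traffic.
SAMPLE_EVE = r'''
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","tls":{"subject":"CN=www.example.com","issuerdn":"CN=Example Root CA","fingerprint":"aa:bb:cc","sni":"www.example.com","notafter":"2025-01-01T00:00:00"}}
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"tls","src_ip":"10.0.0.6","dest_ip":"198.51.100.7","tls":{"subject":"CN=www.example.com","issuerdn":"CN=Unexpected CA","fingerprint":"dd:ee:ff","sni":"www.example.com","notafter":"2023-01-01T00:00:00"}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.6","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}
not json at all
'''

# Hypothetical policy: the issuer DNs we expect to sign each monitored name.
EXPECTED_ISSUERS = {"www.example.com": {"CN=Example Root CA"}}

def audit_tls_events(eve_text, expected=EXPECTED_ISSUERS, now=None):
    """Return one finding per TLS event whose issuer is not expected for its SNI
    or whose certificate has already expired at time `now`."""
    now = now or datetime.utcnow()
    findings = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it, do not abort the whole audit
        if ev.get("event_type") != "tls":
            continue  # only TLS events matter here; DNS/HTTP are ignored
        tls = ev.get("tls", {})
        sni, issuer = tls.get("sni"), tls.get("issuerdn")
        reasons = []
        if sni in expected and issuer not in expected[sni]:
            reasons.append("unexpected_issuer")
        notafter = tls.get("notafter")
        if notafter and datetime.fromisoformat(notafter) < now:
            reasons.append("expired")
        if reasons:
            findings.append({"src_ip": ev.get("src_ip"), "dest_ip": ev.get("dest_ip"),
                             "sni": sni, "issuerdn": issuer,
                             "fingerprint": tls.get("fingerprint"), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_tls_events(SAMPLE_EVE, now=datetime(2024, 5, 1)):
        print(f)
```

The same loop extends naturally to the `http` and `dns` event types Suricata also writes to EVE, by switching on `event_type` and reading the matching sub-object.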

A single instance of Suricata can easily handle multi-gigabit traffic inspection. Built on a modern, multi-threaded, highly scalable architecture, the engine is optimized for high performance. It also offers native support for hardware acceleration from various vendors and integration with PF_RING and AF_PACKET.

The Suricata project and its code are maintained and supported by the Open Information Security Foundation (OISF), a non-profit organization dedicated to ensuring that Suricata remains open source indefinitely.

Download

Suricata can be installed on various distributions using pre-built binary packages. For those comfortable with compiling software, installing from the source distribution files is the recommended approach, as it provides the greatest control over the installation.

Suricata is available for free on GitHub.
