Awesome Suricata

Curated list of awesome things related to Suricata.

Suricata is a free intrusion detection/prevention system (IDS/IPS) and network security monitoring engine.Contents

Input Tools

Output Tools

Operations, Monitoring and Troubleshooting

Programming Libraries and Toolkits

Dashboards and Templates

Development Tools

Documentation and Guides

Analysis Tools

Rule Sets

Rule/Security Content Management and Handling

Plugins and Extensions

Systems Using Suricata

Training

Simulation and Testing

Data Sets

Misc

Input Tools

PacketStreamer - Distributed tcpdump for cloud native environments.

Output Tools

suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.

suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.

Meer - A "spooler" for Suricata / Sagan.

FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.

Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.

Lilith - Reads EVE files into SQL as well as search stored data.

Operations, Monitoring and Troubleshooting

slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.

suri-stats - A tool to work on suricata stats.log file.

Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.

ansible-suricata - Suricata Ansible role (slightly outdated).

MassDeploySuricata - Mass deploy and update Suricata IDPS using Ansible IT automation platform.

docker-suricata - Suricata Docker image.

Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.

Terraform Module for Suricata - Terraform module to setup Google Cloud packet mirroring and send packets to Suricata.

InfluxDB Suricata Input Plugin - Input Plugin for Telegraf to collect and forward Suricata stats logs (included out of the box in recent Telegraf releases).

suricata_exporter - Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket.

Programming Libraries and Toolkits

rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.

go-suricata - Go Client for Suricata (Interacting via Socket).

gonids - Go library to parse intrusion detection rules for engines like Snort and Suricata.

surevego - Suricata EVE-JSON parser in Go.

suricataparser - Pure python parser for Snort/Suricata rules.

py-idstools - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).

Dashboards and Templates

KTS - Kibana 4 Templates for Suricata IDPS Threat Hunting.

KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting.

KTS6 - Kibana 6 Templates for Suricata IDPS Threat Hunting.

KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting.

Development Tools

Suricata Language Server - An implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.

suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.

Awesome Suricata

Curated list of awesome things related to Suricata.

Suricata is a free intrusion detection/prevention system (IDS/IPS) and network security monitoring engine.

Input Tools
Output Tools
Operations, Monitoring and Troubleshooting
Programming Libraries and Toolkits
Dashboards and Templates
Development Tools
Documentation and Guides
Analysis Tools
Rule Sets
Rule/Security Content Management and Handling
Plugins and Extensions
Systems Using Suricata
Training
Simulation and Testing
Data Sets
Misc

Input Tools

PacketStreamer - Distributed tcpdump for cloud native environments.

Output Tools

suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.
suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.
Meer - A "spooler" for Suricata / Sagan.
FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.
Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.
Lilith - Reads EVE files into SQL as well as search stored data.

Operations, Monitoring and Troubleshooting

slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.
suri-stats - A tool to work on suricata stats.log file.
Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.
ansible-suricata - Suricata Ansible role (slightly outdated).
MassDeploySuricata - Mass deploy and update Suricata IDPS using Ansible IT automation platform.
docker-suricata - Suricata Docker image.
Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.
Terraform Module for Suricata - Terraform module to setup Google Cloud packet mirroring and send packets to Suricata.
InfluxDB Suricata Input Plugin - Input Plugin for Telegraf to collect and forward Suricata stats logs (included out of the box in recent Telegraf releases).
suricata_exporter - Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket.

Programming Libraries and Toolkits

rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.
go-suricata - Go Client for Suricata (Interacting via Socket).
gonids - Go library to parse intrusion detection rules for engines like Snort and Suricata.
surevego - Suricata EVE-JSON parser in Go.
suricataparser - Pure python parser for Snort/Suricata rules.
py-idstools - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).

Dashboards and Templates

KTS - Kibana 4 Templates for Suricata IDPS Threat Hunting.
KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting.
KTS6 - Kibana 6 Templates for Suricata IDPS Threat Hunting.
KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting.

Development Tools

Suricata Language Server - An implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.