Powerful, Flexible, and Open
Always one step ahead
Our community of developers ensures Suricata remains on the cutting edge of threat detection and response. They prioritize security, usability, and efficiency to keep your network safe from sophisticated and emerging threats.
Plays well with others
Suricata integrates seamlessly with your network and can be embedded within numerous respected commercial and open source solutions.
Independence day is every day
The Suricata project and code are owned and supported by the Open Information Security Foundation (OISF), a non-profit that is committed to keeping Suricata open source forever.
Suricata can log HTTP requests, log and store TLS certificates, and extract files from flows and store them to disk. Full packet capture (pcap) support allows easy after-the-fact analysis. All of this makes Suricata a powerful engine for your Network Security Monitoring (NSM) ecosystem.
TLS/SSL Logging and Analysis: Not only can you match against most aspects of an SSL/TLS exchange within the ruleset language thanks to Suricata's TLS parser, you can also log every handshake (server certificate subject, issuer, fingerprint, SNI and protocol version) for analysis. This is a practical way to check that your network is not the victim of a less than reputable certificate authority: compare the logged issuer of each certificate against the CAs you expect to see.
HTTP Logging: Why add more hardware to your network just to log HTTP activity when your IDS already sees it? Suricata will log all HTTP transactions, on any port, to a file for later analysis.
DNS Logging: Suricata will log all DNS queries and responses.
A single Suricata instance is capable of inspecting multi-gigabit traffic. The engine is built around a multi-threaded, modern, clean and highly scalable code base. High-performance packet capture is available through AF_PACKET and PF_RING, and there is native support for hardware acceleration from several vendors.
Suricata will automatically detect protocols such as HTTP on any port and apply the proper detection and logging logic, so a protocol cannot hide from inspection by using a non-standard port. This greatly helps with finding malware and command-and-control (CnC) channels.
Lua scripting exposes advanced analysis and functionality for detecting things that are not possible within the ruleset syntax alone.
Our main logging output is called "Eve", an all-JSON event and alert output, with one JSON object per line. Every record carries the flow_id of the flow it belongs to, which is what lets alerts be joined to the HTTP, TLS, DNS and file records of the same connection. This allows for easy integration with Logstash and similar tools.
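The following script is an added example (not part of the Suricata project or this page) of what the Eve format makes possible: it reads EVE records, joins them on flow_id, flags an HTTP request whose extracted file is an executable (the kind of correlation the Scirius hunt-mode and EveBox screenshots below illustrate), and applies the certificate-authority check suggested under TLS logging above. The six EVE lines are constructed for the example, not captured from a sensor, and the trusted-issuer list and signature are placeholders; field names follow the EVE schema.

```python
import json
from collections import defaultdict

# Constructed EVE records (not captured from a real sensor), one JSON object per
# line, exactly as Suricata writes them to eve.json. Flow 1111 is an HTTP download
# of a PE file on port 8080; flows 2222/3333 are TLS sessions to the same SNI from
# two different issuers; flow 4444 is a DNS query.
SAMPLE_EVE = r'''
{"timestamp":"2024-01-10T12:00:00.000000+0000","flow_id":1111,"event_type":"http","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"203.0.113.10","dest_port":8080,"proto":"TCP","http":{"hostname":"update.example.test","url":"/dl/setup.bin","http_method":"GET","status":200,"http_content_type":"application/octet-stream","length":51200}}
{"timestamp":"2024-01-10T12:00:00.100000+0000","flow_id":1111,"event_type":"fileinfo","src_ip":"203.0.113.10","src_port":8080,"dest_ip":"10.0.0.5","dest_port":49152,"proto":"TCP","fileinfo":{"filename":"/dl/setup.bin","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","state":"CLOSED","sha256":"constructed-placeholder","stored":true,"size":51200}}
{"timestamp":"2024-01-10T12:00:00.200000+0000","flow_id":1111,"event_type":"alert","src_ip":"203.0.113.10","src_port":8080,"dest_ip":"10.0.0.5","dest_port":49152,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,"signature":"CONSTRUCTED Executable download over non-standard HTTP port","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2024-01-10T12:01:00.000000+0000","flow_id":2222,"event_type":"tls","src_ip":"10.0.0.5","src_port":49200,"dest_ip":"203.0.113.20","dest_port":443,"proto":"TCP","tls":{"subject":"CN=mail.example.test","issuerdn":"CN=Corporate Root CA","serial":"00:01","fingerprint":"aa:bb","sni":"mail.example.test","version":"TLS 1.2"}}
{"timestamp":"2024-01-10T12:02:00.000000+0000","flow_id":3333,"event_type":"tls","src_ip":"10.0.0.5","src_port":49300,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","tls":{"subject":"CN=mail.example.test","issuerdn":"CN=Totally Legit CA","serial":"00:02","fingerprint":"cc:dd","sni":"mail.example.test","version":"TLS 1.2"}}
{"timestamp":"2024-01-10T12:03:00.000000+0000","flow_id":4444,"event_type":"dns","src_ip":"10.0.0.5","src_port":5353,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4,"rrname":"mail.example.test","rrtype":"A"}}
'''

# Placeholder: the CAs you expect to issue certificates on your network.
TRUSTED_ISSUERS = {"CN=Corporate Root CA"}

# libmagic descriptions that identify native executables.
EXEC_MAGIC_PREFIXES = ("PE32", "ELF", "Mach-O")


def parse_eve(text):
    """Parse EVE output, one JSON object per line. Blank or truncated lines are
    skipped instead of aborting, since a live eve.json can end mid-write."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def group_by_flow(events):
    """Index records by flow_id, the join key shared by every record of a flow."""
    flows = defaultdict(list)
    for ev in events:
        if "flow_id" in ev:
            flows[ev["flow_id"]].append(ev)
    return flows


def executable_downloads(flows):
    """Hunt: flows whose HTTP request was answered with an executable, as seen in
    the fileinfo record produced by file extraction, regardless of server port."""
    hits = []
    for fid, recs in flows.items():
        https = [r for r in recs if r["event_type"] == "http"]
        files = [r for r in recs if r["event_type"] == "fileinfo"]
        for f in files:
            magic = f["fileinfo"].get("magic", "")
            if https and magic.startswith(EXEC_MAGIC_PREFIXES):
                h = https[0]
                hits.append({"flow_id": fid, "hostname": h["http"].get("hostname"),
                             "url": h["http"].get("url"), "dest_port": h["dest_port"],
                             "magic": magic})
    return hits


def untrusted_issuers(events, trusted):
    """Report TLS sessions whose server certificate came from an unexpected CA."""
    return [{"flow_id": ev["flow_id"], "sni": ev["tls"].get("sni"),
             "issuerdn": ev["tls"].get("issuerdn")}
            for ev in events
            if ev["event_type"] == "tls" and ev["tls"].get("issuerdn") not in trusted]


def enrich_alerts(flows):
    """Attach to each alert the kinds of protocol/NSM records sharing its flow_id,
    which is what a UI like EveBox shows next to the alert."""
    out = []
    for fid, recs in flows.items():
        context = sorted({r["event_type"] for r in recs if r["event_type"] != "alert"})
        for a in recs:
            if a["event_type"] == "alert":
                out.append({"flow_id": fid, "signature": a["alert"]["signature"],
                            "context": context})
    return out


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    fl = group_by_flow(evs)
    for hit in executable_downloads(fl):
        print("EXE over HTTP:", hit)
    for bad in untrusted_issuers(evs, TRUSTED_ISSUERS):
        print("Unexpected CA:", bad)
    for al in enrich_alerts(fl):
        print("Alert context:", al)
```

On the constructed input the script reports the PE download on port 8080 (found from the fileinfo record, not from the port), the TLS session to mail.example.test whose issuer is not in the trusted set, and the alert on flow 1111 enriched with its http and fileinfo records. Against a real eve.json, replace SAMPLE_EVE with the file contents and fill TRUSTED_ISSUERS from your own CA inventory.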
Scirius CE hunt mode: correlation showing a request with an executable file in the response.
Splunk Enterprise – there is a free Suricata app in the Splunk store made by Eric Leblond at Stamus Networks
Suricata's Flow ID in action in EveBox, correlating alerts, anomaly events and protocol/NSM data.
Alert and protocol/NSM data
Application Layer Anomaly in Kibana
File ID/Transactions in Kibana