Powerful, Flexible, and Open

Always one step ahead

Our community of developers ensures Suricata remains on the cutting edge of threat detection and response. They prioritize security, usability, and efficiency to keep your network safe from sophisticated and emerging threats.

Plays well with others

Suricata integrates seamlessly with your network and can be embedded within numerous respected commercial and open source solutions.

Independence day is every day

The Suricata project and code are owned and supported by the Open Information Security Foundation (OISF), a non-profit that is committed to keeping Suricata open source forever.

NSM: More than an IDS

Suricata can log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk. The full pcap capture support allows easy analysis. All this makes Suricata a powerful engine for your Network Security Monitoring (NSM) ecosystem.

TLS/SSL Logging and Analysis: Not only can you match against most aspects of an SSL/TLS exchange within the ruleset language thanks to Suricata’s TLS Parser, you can also log all key exchanges for analysis. This is a great way to make sure your network is not the victim of a less-than-reputable certificate authority.

HTTP Logging: Why add more hardware to your network just to log HTTP activity when your IDS already sees it? Suricata will log all HTTP connections on any port to a file for later analysis.

DNS Logging: Suricata will log all DNS queries and responses.

For complete information on the available logging formats, click here.

IDS / IPS

Suricata implements a complete signature language to match on known threats, policy violations and malicious behaviour. Suricata will also detect many anomalies in the traffic it inspects. Suricata is capable of using the specialized Emerging Threats Suricata ruleset and the VRT ruleset.

High Performance

A single Suricata instance is capable of inspecting multi-gigabit traffic. The engine is built around a multi-threaded, modern, clean and highly scalable code base. There is native support for hardware acceleration from several vendors and through PF_RING and AF_PACKET.

Automatic Protocol Detection

Suricata will automatically detect protocols such as HTTP on any port and apply the proper detection and logging logic. This greatly helps with finding malware and CnC channels.

Lua Scripting

Lua scripting provides advanced analysis and functionality for detecting things that are not possible within the ruleset syntax.

Industry Standard Outputs

Our main logging output is called “Eve”, our all-JSON event and alert output. This allows for easy integration with Logstash and similar tools.

Screenshot: Scirius CE hunt mode, with a correlation showing a request whose response contains an executable file.

Screenshot: Splunk Enterprise. There is a free Suricata app in the Splunk store, made by Eric Leblond at Stamus Networks.

Screenshot: Suricata’s Flow ID in action in EveBox, correlating alerts, anomaly events and protocol/NSM data.

Screenshot: Alert and protocol/NSM data.

Screenshot: Application layer anomaly in Kibana.

Screenshot: File ID/transactions in Kibana.
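As an added illustration, not code from the Suricata project, of how the EVE output and its per-flow flow_id support the kind of correlation shown above, the following Python script parses constructed EVE records and attaches the HTTP and fileinfo records of a flow to the alert raised on that flow. The record contents (addresses, signature, file name) are constructed for the example; only the field names follow the documented EVE schema.

```python
import json
from collections import defaultdict

# Constructed sample EVE records (not a real capture). Every EVE record carries
# flow_id and event_type; protocol details sit under a key named after the type.
EVE_LINES = """\
{"timestamp":"2022-11-30T10:00:00.000000+0000","flow_id":1234567890,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","http":{"hostname":"example.test","url":"/update.exe","http_method":"GET","status":200}}
{"timestamp":"2022-11-30T10:00:00.100000+0000","flow_id":1234567890,"event_type":"fileinfo","src_ip":"203.0.113.7","dest_ip":"10.0.0.5","fileinfo":{"filename":"/update.exe","magic":"PE32 executable (GUI) Intel 80386, for MS Windows","stored":true,"size":40960}}
{"timestamp":"2022-11-30T10:00:00.100000+0000","flow_id":1234567890,"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.0.5","alert":{"action":"allowed","signature_id":1000001,"signature":"CONSTRUCTED Executable download over HTTP","severity":1}}
{"timestamp":"2022-11-30T10:00:01.000000+0000","flow_id":9876543210,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","dns":{"type":"query","id":1,"rrname":"example.test","rrtype":"A"}}
this line is not JSON and must be skipped
"""

def parse_eve(text):
    """Parse newline-delimited EVE JSON, skipping lines that are not valid records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: drop it rather than abort the run
        if "event_type" in record and "flow_id" in record:
            events.append(record)
    return events

def correlate_alerts(events):
    """Attach the protocol/NSM records sharing a flow_id to each alert on that flow."""
    by_flow = defaultdict(list)
    for ev in events:
        by_flow[ev["flow_id"]].append(ev)
    hits = []
    for ev in events:
        if ev["event_type"] != "alert":
            continue
        context = defaultdict(list)
        for other in by_flow[ev["flow_id"]]:
            if other is not ev and other["event_type"] != "alert":
                # keep only the protocol-specific sub-object (http, fileinfo, ...)
                context[other["event_type"]].append(other.get(other["event_type"], {}))
        hits.append({"flow_id": ev["flow_id"], "signature": ev["alert"]["signature"],
                     "severity": ev["alert"]["severity"], "src_ip": ev["src_ip"],
                     "dest_ip": ev["dest_ip"], "context": dict(context)})
    return hits
```

Running `correlate_alerts(parse_eve(EVE_LINES))` yields one hit whose context holds the HTTP request and the stored-file record of the same flow, while the unrelated DNS query on another flow is left out.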

Latest Release

Suricata (Stable) version is 6.0.9; released November 29, 2022

Linux/Mac/FreeBSD/UNIX/Windows Source: suricata-6.0.9.tar.gz
PGP Signature: suricata-6.0.9.tar.gz.sig
Windows 64-bit installer: Suricata-6.0.8-1-64bit.msi
Ubuntu PPA channel for Suricata 6

Suricata (Beta) version is 7.0.0-beta1; released October 26, 2022

Linux/Mac/FreeBSD/UNIX/Windows Source: suricata-7.0.0-beta1.tar.gz
PGP Signature: suricata-7.0.0-beta1.tar.gz.sig