satta/awesome-suricata
Awesome Suricata

Curated list of awesome things related to Suricata.

Suricata is a free intrusion detection/prevention system (IDS/IPS) and network security monitoring engine.

Contents

Input Tools

Output Tools

  • suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.
  • suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.
  • Meer - Meer is a "spooler" for Suricata / Sagan.
  • FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.
  • Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.
  • Lilith - Reads EVE files into SQL as well as search stored data.

Operations, Monitoring and Troubleshooting

  • slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.
  • suri-stats - A tool for working with Suricata's stats.log file.
  • Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.
  • ansible-suricata - Suricata Ansible role (slightly outdated).
  • MassDeploySuricata - Mass deploy and update Suricata IDPS using Ansible IT automation platform.
  • docker-suricata - Suricata Docker image.
  • Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.
  • Terraform Module for Suricata - Terraform module to set up Google Cloud packet mirroring and send the mirrored packets to Suricata.
  • InfluxDB Suricata Input Plugin - Input plugin for Telegraf to collect and forward Suricata stats logs (included out of the box in recent Telegraf releases).
  • suricata_exporter - Simple Prometheus exporter written in Go that exports stats metrics scraped from the Suricata unix socket.

Programming Libraries and Toolkits

  • rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.
  • go-suricata - Go Client for Suricata (Interacting via Socket).
  • gonids - Go library to parse intrusion detection rules for engines like Snort and Suricata.
  • surevego - Suricata EVE-JSON parser in Go.
  • suricataparser - Pure python parser for Snort/Suricata rules.
  • py-idstools - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).

Dashboards and Templates

  • KTS - Kibana 4 Templates for Suricata IDPS Threat Hunting.
  • KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting.
  • KTS6 - Kibana 6 Templates for Suricata IDPS Threat Hunting.
  • KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting.

Development Tools

  • Suricata Language Server - Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
  • suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.
  • suricata-highlight-vscode - Suricata rules support for Visual Studio Code (syntax highlighting, etc.).
  • SublimeSuricata - Basic Suricata syntax highlighter for Sublime Text.

Documentation and Guides

Analysis Tools

  • Suricata Analytics - Various resources that are useful when interacting with Suricata data.
  • Malcolm - A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
  • Evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search.

Rule Sets

Rule/Security Content Management and Handling

  • sidallocation.org - Sid Allocation working group, list of SID ranges.
  • Scirius - Web application for Suricata ruleset management and threat hunting.
  • IOCmite - Tool to create Suricata datasets from the indicators of MISP instances, and to add sightings in MISP when an indicator from a dataset generates an alert.
  • luaevilbit - An Evil bit implementation in luajit for Suricata.
  • Lawmaker - Suricata IDS rule and fleet management system.
  • surify-cli - Generate Suricata rules from a collection of IOCs (JSON, CSV or flags) based on your own Suricata rule template.
  • suricata-prettifier - Command-line tool to format and syntax highlight Suricata rules.
  • OTX-Suricata - Create rules and configuration for Suricata to alert on indicators from an OTX account.
  • Aristotle - Simple Python program that allows for the filtering and modifying of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule.

Plugins and Extensions

Systems Using Suricata

  • SELKS - A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution.
  • Amsterdam - Docker-based Suricata, Elasticsearch, Logstash, Kibana and Scirius stack, aka SELKS.
  • pfSense - A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality.
  • OPNsense - An open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.

Training

Simulation and Testing

  • Leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
  • speeve - Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications.
  • Dalton - Suricata and Snort IDS rule and pcap testing system.

Data Sets

Misc

  • Suriwire - Wireshark plugin to display Suricata analysis info.
  • bash_cata - A simple script that processes the Suricata eve-log in real time and, based on alerts, adds an IP address to the MikroTik address lists for a specified time so it can be blocked.
  • suriGUI - GUI for Suricata + Qubes OS.