{"id":434,"url":"https://github.com/satta/awesome-suricata","last_synced_at":"2025-08-13T09:34:07.467Z","repository":{"id":64845936,"uuid":"564772414","full_name":"satta/awesome-suricata","owner":"satta","description":"A curated list of awesome things related to Suricata","archived":false,"fork":false,"pushed_at":"2024-05-12T20:37:02.000Z","size":49,"stargazers_count":108,"open_issues_count":0,"forks_count":9,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-05-21T13:16:48.206Z","etag":null,"topics":["awesome","awesome-list","ids","ips","lists","nsm","suricata"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/satta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-11T13:13:47.000Z","updated_at":"2024-05-21T09:26:20.000Z","dependencies_parsed_at":"2024-01-12T17:35:25.572Z","dependency_job_id":"28a0ef5b-cba6-4c72-826e-fd1146255883","html_url":"https://github.com/satta/awesome-suricata","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fawesome-suricata","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fawesome-suricata/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fawesome-suricata/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/satta%2Fawesome-suricata/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/satta","download_url":"https://codeload.github.com/satta/awesome-suricata/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229754902,"owners_count":18119134,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","ids","ips","lists","nsm","suricata"],"created_at":"2024-01-05T20:12:54.825Z","updated_at":"2025-08-13T09:34:07.429Z","avatar_url":"https://github.com/satta.png","language":null,"funding_links":[],"categories":["Other Lists","Security","Uncategorized","Themed Directories","Other Useful Repositories"],"sub_categories":["TeX Lists","Uncategorized","Updated this month"],"readme":"# Awesome Suricata [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re)\n\n[\u003cimg src=\"https://suricata.io/wp-content/uploads/2022/01/Logo-SuricataFinal-1-translucent.png\" align=\"right\" width=\"120\"\u003e](https://suricata.io)\n\n\u003e Curated list of awesome things related to Suricata.\n\n[Suricata](https://suricata.io/features) is a free intrusion detection/prevention system (IDS/IPS) and network security monitoring engine.\n\n## Contents\n\n- [Input Tools](#input-tools)\n- [Output Tools](#output-tools)\n- [Operations, Monitoring and Troubleshooting](#operations-monitoring-and-troubleshooting)\n- [Programming Libraries and Toolkits](#programming-libraries-and-toolkits)\n- [Dashboards and Templates](#dashboards-and-templates)\n- [Development Tools](#development-tools)\n- [Documentation and Guides](#documentation-and-guides)\n- [Analysis Tools](#analysis-tools)\n- [Rule Sets](#rule-sets)\n- [Rule/Security Content Management and Handling](#rulesecurity-content-management-and-handling)\n- [Plugins and Extensions](#plugins-and-extensions)\n- [Systems Using Suricata](#systems-using-suricata)\n- [Training](#training)\n- [Simulation and Testing](#simulation-and-testing)\n- [Data Sets](#data-sets)\n- [Misc](#misc)\n\n\n## Input Tools\n\n- [PacketStreamer](https://github.com/deepfence/PacketStreamer) - Distributed tcpdump for cloud native environments.\n\n\n## Output Tools\n\n- [suricata-kafka-output](https://github.com/Center-Sun/suricata-kafka-output) - Suricata Eve Kafka Output Plugin for Suricata 6.\n- [suricata-redis-output](https://github.com/jasonish/suricata-redis-output) - Suricata Eve Redis Output Plugin for Suricata 7.\n- [Meer](https://github.com/quadrantsec/meer) - Meer is a \"spooler\" for Suricata / Sagan.\n- [FEVER](https://github.com/DCSO/fever) - Fast, extensible, versatile event router for Suricata's EVE-JSON format.\n- [Suricata-Logstash-Templates](https://github.com/pevma/Suricata-Logstash-Templates) - Templates for Kibana/Logstash to use with Suricata IDPS.\n- [Lilith](https://github.com/VVelox/Lilith) - Reads EVE files into SQL as well as search stored data.\n\n\n## Operations, Monitoring and Troubleshooting\n\n- [slinkwatch](https://github.com/DCSO/slinkwatch) - Automatic enumeration and maintenance of Suricata monitoring interfaces.\n- [suri-stats](https://github.com/regit/suri-stats) - A tool to work on suricata `stats.log` file.\n- [Mauerspecht](https://github.com/DCSO/mauerspecht) - Simple Probing Tool for Corporate Walled Garden Networks.\n- [ansible-suricata](https://github.com/GitMirar/ansible-suricata) - Suricata Ansible role (slightly outdated).\n- [MassDeploySuricata](https://github.com/pevma/MassDeploySuricata) - Mass deploy and update Suricata IDPS using Ansible IT automation platform.\n- [docker-suricata](https://github.com/jasonish/docker-suricata) - Suricata Docker image.\n- [Suricata-Monitoring](https://github.com/VVelox/Suricata-Monitoring) - LibreNMS JSON / Nagios monitor for Suricata stats.\n- [Terraform Module for Suricata](https://github.com/onetwopunch/terraform-google-suricata) - Terraform module to setup Google Cloud packet mirroring and send packets to Suricata.\n- [InfluxDB Suricata Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/suricata) - Input Plugin for Telegraf to collect and forward Suricata `stats` logs (included out of the box in recent Telegraf releases).\n- [suricata_exporter](https://github.com/corelight/suricata_exporter) - Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket.\n\n\n## Programming Libraries and Toolkits\n\n- [rust-suricatax-rule-parser](https://github.com/jasonish/rust-suricatax-rule-parser) - Experimental Suricata Rule Parser in Rust.\n- [go-suricata](https://github.com/ks2211/go-suricata) - Go Client for Suricata (Interacting via Socket).\n- [gonids](https://github.com/google/gonids) - Go library to parse intrusion detection rules for engines like Snort and Suricata.\n- [surevego](https://github.com/rhaist/surevego) - Suricata EVE-JSON parser in Go.\n- [suricataparser](https://github.com/m-chrome/py-suricataparser) - Pure python parser for Snort/Suricata rules.\n- [py-idstools](https://github.com/jasonish/py-idstools) - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).\n\n\n## Dashboards and Templates\n\n- [KTS](https://github.com/StamusNetworks/KTS) - Kibana 4 Templates for Suricata IDPS Threat Hunting.\n- [KTS5](https://github.com/StamusNetworks/KTS5) - Kibana 5 Templates for Suricata IDPS Threat Hunting.\n- [KTS6](https://github.com/StamusNetworks/KTS6) - Kibana 6 Templates for Suricata IDPS Threat Hunting.\n- [KTS7](https://github.com/StamusNetworks/KTS7) - Kibana 7 Templates for Suricata IDPS Threat Hunting.\n\n\n## Development Tools\n\n- [Suricata Language Server](https://github.com/StamusNetworks/suricata-language-server) - Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.\n- [suricata-ls-vscode](https://github.com/StamusNetworks/suricata-ls-vscode) - Suricata IntelliSense Extension using the Suricata Language Server.\n- [suricata-highlight-vscode](https://github.com/dgenzer/suricata-highlight-vscode) - Suricata Rules Support for Visual Studio Code (syntax highlighting, etc).\n- [SublimeSuricata](https://github.com/ozuriexv/SublimeSuricata) - Basic Suricata syntax highlighter for Sublime Text.\n- [Suricata-Check](https://suricata-check.teuwen.net/readme.html) - ``suricata-check`` is a command-line utility to provide feedback on Suricata rules. It can detect issues such as covering syntax validity, interpretability, rule specificity, rule coverage, and efficiency.\n\n## Documentation and Guides\n\n- [SEPTun](https://github.com/pevma/SEPTun) - Suricata Extreme Performance Tuning guide.\n- [SEPTun-Mark-II](https://github.com/pevma/SEPTun-Mark-II) - Suricata Extreme Performance Tuning guide - Mark II.\n- [suricata-4-analysts](https://github.com/StamusNetworks/suricata-4-analysts) - The Security Analyst's Guide to Suricata.\n- [Suricata Community Style Guide](https://github.com/sidallocation/suricata-style-guide) - A collaborative document to collect style guidelines from the community of rule writers.\n\n\n## Analysis Tools\n\n- [Suricata Analytics](https://github.com/StamusNetworks/suricata-analytics) - Various resources that are useful when interacting with Suricata data.\n- [Malcolm](https://github.com/cisagov/Malcolm) - A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.\n- [Evebox](https://github.com/jasonish/evebox) - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search.\n\n\n## Rule Sets\n\n- [nids-rule-library](https://github.com/klingerko/nids-rule-library#readme) - Collection of various open-source and commercial rulesets.\n- [Stamus Lateral Movement Detection Rules](https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata) - Suricata ruleset to detect lateral movement.\n- [QuadrantSec Suricata Rules](https://github.com/quadrantsec/suricata-rules) - QuadrantSec Suricata rules.\n- [Cluster25/detection](https://github.com/Cluster25/detection) - Cluster25's detection rules.\n- Networkforensic.dk (NF) rules sets: \n  - [NF IDS rules](https://networkforensic.dk/SNORT/NF-local.zip)\n  - [NF SCADA IDS Rules](https://networkforensic.dk/SNORT/NF-SCADA.zip)\n  - [NF Scanners IDS Rules](https://networkforensic.dk/SNORT/NF-Scanners.zip)\n- [Quantum Insert detection for Suricata](https://github.com/fox-it/quantuminsert/blob/master/detection/suricata/README.md) - Suricata rules accompanying Fox-IT's QUANTUM 2015 blog/BroCon talk.\n- [Hunting rules](https://github.com/travisbgreen/hunting-rules) - Suricata IDS alert rules for network anomaly detection from Travis Green.\n- [3CORESec NIDS - Lateral Movement](https://dtection.io/ruleset/3cs_lateral) - Suricata ruleset focusing on lateral movement techniques (paid).\n- [3CORESec NIDS - Sinkholes](https://dtection.io/ruleset/3cs_sinkholes) - Suricata ruleset focused on a curated list of public malware sinkholes (free).\n- [PAW Patrules](https://pawpatrules.fr) - Another free (CC BY-NC-SA) collection of rules for the Suricata engine.\n- [opnsense-suricata-nmaps](https://github.com/aleksibovellan/opnsense-suricata-nmaps) - OPNSense's Suricata IDS/IPS Detection Rules Against NMAP Scans.\n- [Antiphishing](https://github.com/julioliraup/Antiphishing) - Suricata rules and datasets to detect phishing attacks.\n\n\n## Rule/Security Content Management and Handling\n\n- [sidallocation.org](https://sidallocation.org/) - Sid Allocation working group, list of SID ranges.\n- [Scirius](https://github.com/StamusNetworks/scirius) - Web application for Suricata ruleset management and threat hunting.\n- [IOCmite](https://github.com/sebdraven/IOCmite) - Tool to create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert.\n- [luaevilbit](https://github.com/regit/luaevilbit) - An Evil bit implementation in luajit for Suricata.\n- [Lawmaker](https://www.3coresec.com/solutions/lawmaker) - Suricata IDS rule and fleet management system.\n- [surify-cli](https://github.com/dgenzer/surify-cli) - Generate suricata-rules from collection of IOCs (JSON, CSV or flags) based on your suricata template.\n- [suricata-prettifier](https://github.com/theY4Kman/suricata-prettifier) - Command-line tool to format and syntax highlight Suricata rules.\n- [OTX-Suricata](https://github.com/AlienVault-OTX/OTX-Suricata) - Create rules and configuration for Suricata to alert on indicators from an OTX account.\n- [Aristotle](https://github.com/secureworks/aristotle) - Simple Python program that allows for the filtering and modifying of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule.\n\n\n## Plugins and Extensions\n\n- [suricata-zabbix](https://github.com/catenacyber/suricata-zabbix) - Zabbix application layer plugin for Suricata.\n\n\n## Systems Using Suricata\n\n- [SELKS](https://github.com/StamusNetworks/SELKS) - A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution.\n- [Amsterdam](https://github.com/StamusNetworks/Amsterdam) - Docker based Suricata, Elasticsearch, Logstash, Kibana, Scirius aka SELKS.\n- [pfSense](https://www.pfsense.org) - A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.\n- [OPNsense](https://opnsense.org) - An open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.\n\n\n## Training\n\n- [Experimental Suricata Training Environment](https://github.com/jasonish/experimental-suricata-training) - Experimental Suricata Training Environment.\n- [CDMCS](https://github.com/ccdcoe/CDMCS/tree/master) - Cyber Defence Monitoring Course: Rule-based Threat Detection.\n\n\n## Simulation and Testing\n\n- [Leonidas](https://github.com/WithSecureLabs/leonidas) - Automated Attack Simulation in the Cloud, complete with detection use cases.\n- [speeve](https://github.com/satta/speeve) - Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications.\n- [Dalton](https://github.com/secureworks/dalton) - Suricata and Snort IDS rule and pcap testing system.\n\n\n## Data Sets\n\n- [suricata-sample-data](https://github.com/FrankHassanabad/suricata-sample-data) - Repository of creating different example suricata data sets.\n\n\n## Misc\n\n- [Suriwire](https://github.com/regit/suriwire) - Wireshark plugin to display Suricata analysis info.\n- [bash_cata](https://github.com/isMTv/bash_cata) - A simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an ip-address to the MikroTik Address Lists for a specified time for subsequent blocking.\n- [suriGUI](https://github.com/control-owl/suriGUI) - GUI for Suricata + Qubes OS.\n- [SuriGuard](https://github.com/SEc-123/SuriGuard1) - Web-based management system for Suricata IDS/IPS, featuring advanced analytics and visualization capabilities.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsatta%2Fawesome-suricata","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsatta%2Fawesome-suricata","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsatta%2Fawesome-suricata/lists"}