Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


awesome-suricata

A curated list of awesome things related to Suricata
https://github.com/satta/awesome-suricata


  • Operations, Monitoring and Troubleshooting

    • InfluxDB Suricata Input Plugin - Input Plugin for Telegraf to collect and forward Suricata `stats` logs (included out of the box in recent Telegraf releases).
    • slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.
    • suri-stats - A tool for working with the Suricata `stats.log` file.
    • Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.
    • ansible-suricata - Suricata Ansible role (slightly outdated).
    • MassDeploySuricata - Mass deploy and update Suricata IDPS using Ansible IT automation platform.
    • docker-suricata - Suricata Docker image.
    • Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.
    • Terraform Module for Suricata - Terraform module to set up Google Cloud packet mirroring and send mirrored packets to Suricata.
    • suricata_exporter - Simple Prometheus exporter written in Go that exports stats metrics scraped from the Suricata Unix socket.
  • Rule Sets

  • Training

  • Rule/Security Content Management and Handling

    • sidallocation.org - Sid Allocation working group, list of SID ranges.
    • Lawmaker - Suricata IDS rule and fleet management system.
    • Scirius - Web application for Suricata ruleset management and threat hunting.
    • IOCmite - Tool that creates Suricata datasets from indicators of MISP instances and adds sightings in MISP when a dataset indicator generates an alert.
    • luaevilbit - An Evil Bit implementation in LuaJIT for Suricata.
    • surify-cli - Generate Suricata rules from a collection of IOCs (JSON, CSV or flags) based on your own Suricata rule template.
    • suricata-prettifier - Command-line tool to format and syntax highlight Suricata rules.
    • OTX-Suricata - Create rules and configuration for Suricata to alert on indicators from an OTX account.
    • Aristotle - Simple Python program for filtering and modifying Suricata and Snort rulesets based on interpreted key-value pairs present in the `metadata` keyword of each rule.
  • Systems Using Suricata

    • pfSense - A free network firewall distribution based on the FreeBSD operating system, with a custom kernel and third-party free software packages for additional functionality.
    • OPNsense - An open source, easy-to-use and easy-to-build FreeBSD-based firewall and routing platform.
    • SELKS - A Suricata-based intrusion detection system / intrusion prevention system / network security monitoring distribution.
    • Amsterdam - Docker-based Suricata, Elasticsearch, Logstash, Kibana and Scirius stack, aka SELKS.
  • Input Tools

  • Output Tools

    • suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.
    • suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.
    • Meer - Meer is a "spooler" for Suricata / Sagan.
    • FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.
    • Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.
    • Lilith - Reads EVE files into SQL and searches the stored data.
  • Programming Libraries and Toolkits

    • rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.
    • go-suricata - Go Client for Suricata (Interacting via Socket).
    • gonids - Go library to parse intrusion detection rules for engines like Snort and Suricata.
    • surevego - Suricata EVE-JSON parser in Go.
    • suricataparser - Pure Python parser for Snort/Suricata rules.
    • py-idstools - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).
  • Dashboards and Templates

    • KTS - Kibana 4 Templates for Suricata IDPS Threat Hunting.
    • KTS5 - Kibana 5 Templates for Suricata IDPS Threat Hunting.
    • KTS6 - Kibana 6 Templates for Suricata IDPS Threat Hunting.
    • KTS7 - Kibana 7 Templates for Suricata IDPS Threat Hunting.
  • Development Tools

    • Suricata Language Server - Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
    • suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.
    • suricata-highlight-vscode - Suricata Rules Support for Visual Studio Code (syntax highlighting, etc).
    • SublimeSuricata - Basic Suricata syntax highlighter for Sublime Text.
  • Documentation and Guides

  • Analysis Tools

    • Suricata Analytics - Various resources that are useful when interacting with Suricata data.
    • Malcolm - A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
    • Evebox - Web-based event viewer (GUI) for Suricata EVE events stored in Elasticsearch.
  • Simulation and Testing

    • Leonidas - Automated Attack Simulation in the Cloud, complete with detection use cases.
    • speeve - Fast, probabilistic EVE-JSON generator for testing and benchmarking of EVE-consuming applications.
    • Dalton - Suricata and Snort IDS rule and pcap testing system.
  • Data Sets

  • Misc

    • Suriwire - Wireshark plugin to display Suricata analysis info.
    • bash_cata - A simple script that processes the generated Suricata EVE log in real time and, based on alerts, adds an IP address to MikroTik Address Lists for a specified time for subsequent blocking.
    • suriGUI - GUI for Suricata + Qubes OS.