Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-suricata
A curated list of awesome things related to Suricata
https://github.com/satta/awesome-suricata
Operations, Monitoring and Troubleshooting
- InfluxDB Suricata Input Plugin - Input Plugin for Telegraf to collect and forward Suricata `stats` logs (included out of the box in recent Telegraf releases).
- slinkwatch - Automatic enumeration and maintenance of Suricata monitoring interfaces.
- suri-stats - A tool to work with Suricata `stats.log` files.
- Mauerspecht - Simple Probing Tool for Corporate Walled Garden Networks.
- ansible-suricata - Suricata Ansible role (slightly outdated).
- MassDeploySuricata - Mass deploy and update Suricata IDPS using Ansible IT automation platform.
- docker-suricata - Suricata Docker image.
- Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats.
- Terraform Module for Suricata - Terraform module to setup Google Cloud packet mirroring and send packets to Suricata.
- suricata_exporter - Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket.
Rule Sets
- Stamus Lateral Movement Detection Rules - Suricata ruleset to detect lateral movement.
- NF IDS rules
- 3CORESec NIDS - Sinkholes - Suricata ruleset focused on a curated list of public malware sinkholes (free).
- NF SCADA IDS Rules
- NF Scanners IDS Rules
- Quantum Insert detection for Suricata - Suricata rules accompanying Fox-IT's QUANTUM 2015 blog/BroCon talk.
- 3CORESec NIDS - Lateral Movement - Suricata ruleset focusing on lateral movement techniques (paid).
- PAW Patrules - Another free (CC BY-NC-SA) collection of rules for the Suricata engine.
- nids-rule-library - Collection of various open-source and commercial rulesets.
- QuadrantSec Suricata Rules - QuadrantSec Suricata rules.
- Cluster25/detection - Cluster25's detection rules.
- Hunting rules - Suricata IDS alert rules for network anomaly detection from Travis Green.
- opnsense-suricata-nmaps - OPNsense Suricata IDS/IPS detection rules against Nmap scans.
- Antiphishing - Suricata rules and datasets to detect phishing attacks.
Training
- CDMCS - Cyber Defence Monitoring Course: Rule-based Threat Detection.
- Experimental Suricata Training Environment - Experimental Suricata Training Environment.
Rule/Security Content Management and Handling
- sidallocation.org - Sid Allocation working group, list of SID ranges.
- Lawmaker - Suricata IDS rule and fleet management system.
- Scirius - Web application for Suricata ruleset management and threat hunting.
- IOCmite - Tool to create a Suricata dataset from the indicators of MISP instances, and to add sightings in MISP when an indicator from the dataset generates an alert.
- luaevilbit - An Evil bit implementation in luajit for Suricata.
- surify-cli - Generate Suricata rules from a collection of IOCs (JSON, CSV or flags) based on your own Suricata rule template.
- suricata-prettifier - Command-line tool to format and syntax highlight Suricata rules.
- OTX-Suricata - Create rules and configuration for Suricata to alert on indicators from an OTX account.
- Aristotle - Simple Python program that allows for the filtering and modifying of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule.
Systems Using Suricata
- pfSense - A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
- OPNsense - An open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.
- SELKS - A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution.
- Amsterdam - Docker based Suricata, Elasticsearch, Logstash, Kibana, Scirius aka SELKS.
Input Tools
- PacketStreamer - Distributed tcpdump for cloud native environments.
Output Tools
- suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6.
- suricata-redis-output - Suricata Eve Redis Output Plugin for Suricata 7.
- Meer - Meer is a "spooler" for Suricata / Sagan.
- FEVER - Fast, extensible, versatile event router for Suricata's EVE-JSON format.
- Suricata-Logstash-Templates - Templates for Kibana/Logstash to use with Suricata IDPS.
- Lilith - Reads EVE files into SQL and searches the stored data.
Programming Libraries and Toolkits
- rust-suricatax-rule-parser - Experimental Suricata Rule Parser in Rust.
- go-suricata - Go Client for Suricata (Interacting via Socket).
- gonids - Go library to parse intrusion detection rules for engines like Snort and Suricata.
- surevego - Suricata EVE-JSON parser in Go.
- suricataparser - Pure python parser for Snort/Suricata rules.
- py-idstools - Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool).
Dashboards and Templates
Development Tools
- Suricata Language Server - Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
- suricata-ls-vscode - Suricata IntelliSense Extension using the Suricata Language Server.
- suricata-highlight-vscode - Suricata Rules Support for Visual Studio Code (syntax highlighting, etc).
- SublimeSuricata - Basic Suricata syntax highlighter for Sublime Text.
Documentation and Guides
- SEPTun - Suricata Extreme Performance Tuning guide.
- SEPTun-Mark-II - Suricata Extreme Performance Tuning guide - Mark II.
- suricata-4-analysts - The Security Analyst's Guide to Suricata.
- Suricata Community Style Guide - A collaborative document to collect style guidelines from the community of rule writers.
Analysis Tools
- Suricata Analytics - Various resources that are useful when interacting with Suricata data.
- Malcolm - A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
- Evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search.
Simulation and Testing
Data Sets
- suricata-sample-data - Repository for creating different example Suricata data sets.
Misc
- Suriwire - Wireshark plugin to display Suricata analysis info.
- bash_cata - A simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an IP address to the MikroTik address lists for a specified time for subsequent blocking.
- suriGUI - GUI for Suricata + Qubes OS.
Plugins and Extensions
- suricata-zabbix - Zabbix application layer plugin for Suricata.