Suricata (software)
| Suricata
|
|
|---|---|
|
|
| Basic data
|
|
| developer | Open Information Security Foundation |
| Current version | 5.0.2 (02/13/2020) |
| operating system | FreeBSD , Linux , Unix , macOS , Windows |
| programming language | C , Rust |
| category | Intrusion Detection System |
| License | GPL |
| German speaking | No |
| suricata-ids.org | |
Suricata is a Network Intrusion Detection System (NIDS). It is developed and maintained by the Open Information Security Foundation (OISF). The software is available under a free GPLv2 license. In addition to the operation as IDS, Suricata also offers a Network Intrusion Prevention System (NIPS) mode, which intervenes directly in the data traffic and can block packets.
Suricata comes in some free firewall - distributions as IPFire , pfSense , opnsense and Security Onion as IDS or IPS used. Commercial providers such as FireEye also use Suricata in their products and, as consortium members of the OISF, also provide financial support.
Features
- Multithreading
- PCAP analysis
- IPv6 support
- Automatic protocol detection
- Protocol - Parser
- HTTP engine (libhtp)
- PCRE support
- Lua scripts
- Intel hyperscan
- Eve JSON log output
- Redis
- File extraction
- High-performance packet recording
- AF_PACKET
- PF_RING
- NETMAP
- IP reputation
history
The development of Suricata began in 2008 by Matt Jonkman, Will Metcalf and Victor Julien, who is still the main developer of the project. In November 2015, the first Suricata conference (SuriCon) took place in Barcelona, with further editions in 2016 in Washington DC, 2017 in Prague, 2018 in Vancouver and 2019 in Amsterdam.
See also
literature
- Andreas Herz: Looking deep - intrusion detection with open source software . In: iX , edition 2/2017, pp. 72–76.
- Andreas Herz: Regulated traffic - configuration and operation of Suricata . In: iX , edition 5/2017, pp. 132–135.
- Chris Sanders, Jason Smith: Applied Network Security Monitoring: Collection, Detection, and Analysis , Syngress, December 2013, ISBN 978-0-12-417208-1 .
Web links
- Official website
- OISF - Foundation behind Suricata
- emergingthreats.net - Community for Suricata signatures