Found 3,636 repositories (showing 30)
OISF
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Security-Onion-Solutions
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
cisagov
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
deepfence
Distributed tcpdump for cloud native environments
StamusNetworks
A Suricata based NDR distribution
al0ne
Suricata IDS rules for detecting red-team penetration and other malicious behaviour; supports detection of CobaltStrike/MSF/Empire/DNS tunnels/Weevely/Caidao (菜刀)/Behinder (冰蝎)/cryptomining/reverse shells/ICMP tunnels, etc.
tenzir
Tenzir is the data pipeline engine for security teams.
StamusNetworks
Scirius is a web application for Suricata ruleset management and threat hunting.
iqiyi
QNSM is network security monitoring framework based on DPDK.
secureworks
Suricata, Snort and Zeek IDS rule and pcap testing system
jasonish
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
V1D1AN
This project is a SIEM with SIRP and Threat Intel, all in one.
shirkdog
Pulled Pork for Snort and Suricata rule management (from Google code)
EgeBalci
Evasion by machine code de-optimization.
al0ne
Nmap & Zmap fingerprint identification and bypassing IDS detection
3CORESec
A website and framework for testing NIDS detection
jasonish
A Suricata Docker image.
OISF
The tool for updating your Suricata rules.
jasonish
idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)
robcowart
Suricata IDS/IPS log analytics using the Elastic Stack.
g3tsyst3m
An All-In-One home intrusion detection system (IDS) solution for the Raspberry PI.
satta
A curated list of awesome things related to Suricata
0xMR007
Lab4PurpleSec is a modular Purple Team homelab combining a vulnerable Active Directory environment (GOAD), a Docker-based web DMZ, pfSense + Suricata, and a Wazuh SIEM. It provides a realistic, open-source training environment for web exploitation, pivoting, Active Directory attacks, and Blue Team detection.
pevma
Suricata Extreme Performance Tuning guide
advanced-threat-research
CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
quadrantsec
Sagan is a multi-threaded, high-performance log analysis engine. At its core, Sagan is similar to Suricata/Snort but works with logs rather than network packets.
gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/
StamusNetworks
Docker based Suricata, Elasticsearch, Logstash, Kibana, Scirius aka SELKS
travisbgreen
Suricata rules for network anomaly detection
HydraDragonAntivirus
Dynamic and static analysis with a Real Time Malware/Executable Analysis Platform for Windows, including open-source XDR (3 EDR projects), ClamAV, YARA-X, machine learning AI, behavioral analysis, Unpacker, Deobfuscator, Decompiler, website signatures, Ghidra, Suricata, Sigma, Kernel, Hypervisor based protection and much more than you can imagine.