Suricata is an Intrusion Detection and Prevention (IDS/IPS) engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support, file extraction capabilities, and many more features. It's capable of loading existing Snort rules and signatures, and supports many frontends through Barnyard2.
|Tags||IDS IPS Network Analysis Security snort IPv4 IPv6|
|Operating Systems||Linux FreeBSD Mac OS X Windows|
Release Notes: The GeoIP keyword was added. HTTP host header matching was added. New Unix socket commands were added. Napatech support was improved. IPFW support was improved. HTTP query string normalization was improved. Many issues were fixed.
Release Notes: Several stability and accuracy issues were fixed.
Release Notes: Interactive Unix Socket mode was added. IP Reputation support was added. A Lua scripting detection keyword was added. IP Defrag engine performance was much improved. Global thresholding was improved. AF_PACKET IPS mode support was added. File log output was improved. HTTP inspection was made more configurable. Live packet capture stats support was added. The stream reassembly engine was improved. TLS cert logging, storing, and fingerprint matching was added. Support for decoding various tunnel protocols was added. Delayed detection engine initialization support was added.
Release Notes: This release fixes a major flow engine memory leak, a case in which unified2 could overwrite its own alert files, and the Windows build.
Release Notes: Interactive Unix Socket mode was added. IP Reputation support was added. Command line options were improved. The rule analyzer was improved. File log output was improved. Endace DAG card live stats support was added. A new HTTP event was added. Many issues were fixed.