Network IDS, IPS, and NSM engine for monitoring and protecting traffic
GPL-2.0
- C
- Rust
- Shell

About Suricata
Suricata is a high-performance network IDS, IPS, and NSM engine that inspects traffic to detect and stop threats. It is used widely across private and public organizations and embedded by major vendors to protect their networks.
It works in two modes: passive monitoring that flags suspicious activity, and inline prevention that drops malicious packets as they pass. Detection runs against rule sets that match attacks, probes, and protocol anomalies on live links or recorded captures.
Because it sits directly in front of untrusted, often attacker-reachable traffic, it is engineered for reliability under hostile input. It runs on Linux, Windows, and macOS, and is developed in the open by the OISF and the Suricata community.
Key features
- Network IDS, IPS, and NSM in one engine
- Passive monitoring and inline prevention modes
- Rule-based detection of attacks and anomalies
- Inspects live traffic or recorded packet captures
- Hardened against untrusted, attacker-facing input
Details
- On GitHub since: 2012
- Platforms: Linux · Windows · macOS
- Modes: IDS · IPS · NSM
- Detection: Rule-based signatures
- Governance: OISF and community
- License: GPL-2.0
