// arsenal·Blue TeamIntermediateFOSS

Suricata

OISF's multi-threaded NIDS — modern Snort-rule-compatible alternative.

Blue Team

$ suricata --help

Suricata

// what it is

Description

Open Information Security Foundation's IDS/IPS. Speaks Snort rules, plus a richer Lua scripting layer, native JSON event output (Suricata-EVE), and built-in TLS/HTTP/DNS protocol parsing.

// use cases

What people use it for

High-throughput network IDS
Modern Snort-rule deployments

// commands

The commands you'll type

Process pcap

$ suricata -r capture.pcap -l /tmp/output

// facts

category: Blue Team
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate

// links

// related in Blue Team

Blue TeamIntermediate

Snort

The original open-source network intrusion detection system.

FOSS

LIN·WIN·MAC

open entry →

Blue TeamIntermediate

Wazuh

Open-source XDR + SIEM platform — OSSEC fork with modern dashboards.

FOSS

LIN·WIN·MAC

open entry →

Blue TeamIntermediate

TheHive

Open-source security incident response platform — case management for the SOC.

FOSS

LIN

open entry →