awesome-suricata
github.com/satta/awesome-suricata
A curated list of awesome things related to Suricata
Rule Sets
- 3CORESec NIDS - Lateral Movement
Suricata ruleset focusing on lateral movement techniques (paid).
- 3CORESec NIDS - Sinkholes
Suricata ruleset focused on a curated list of public malware sinkholes (free).
- Antiphishing
Suricata rules and datasets to detect phishing attacks.
- Cluster25/detection
Cluster25's detection rules.
- Hunting rules
Suricata IDS alert rules for network anomaly detection from Travis Green.
- NF IDS rules
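Some of the rule sets above (the Antiphishing rules, for instance) ship Suricata datasets next to their .rules files. As an added example, not code from any of the listed projects, the Python below builds a dataset of type string from a constructed list of indicator domains and emits the rule that consults it. Suricata stores string datasets as one base64-encoded value per line; the dataset name ioc_domains, the file name ioc_domains.lst, the sid and the sample domains are assumptions made for the example.

```python
import base64

# Constructed sample indicators for the example; these are not real IOCs.
SAMPLE_DOMAINS = ["phish.example", "login-update.example.net"]


def encode_string_dataset(values):
    """Return the contents of a Suricata dataset file of type 'string'.

    Suricata stores string datasets as one base64-encoded value per line,
    so one file format covers domains, URIs or user agents with any characters.
    """
    return "".join(base64.b64encode(v.encode()).decode() + "\n" for v in values)


def decode_string_dataset(text):
    """Inverse of encode_string_dataset; blank lines are ignored."""
    return {base64.b64decode(line).decode() for line in text.splitlines() if line.strip()}


def dataset_rule(name, path, sid, msg):
    """Rule that alerts when the DNS query name is present in the dataset.

    The dataset is read from `path` at startup (`load`) and only consulted
    (`isset`), so the sensor never writes back into the indicator file.
    """
    return (
        f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
        f"dataset:isset,{name},type string,load {path}; "
        f"classtype:bad-unknown; sid:{sid}; rev:1;)"
    )


def query_is_listed(dataset_text, qname):
    """Offline equivalent of the isset check: an exact match on the query name."""
    return qname in decode_string_dataset(dataset_text)


if __name__ == "__main__":
    # Names below are assumptions, not a published convention.
    data = encode_string_dataset(SAMPLE_DOMAINS)
    print(data, end="")
    print(dataset_rule("ioc_domains", "ioc_domains.lst", 9100001, "IOC domain queried"))
    print(query_is_listed(data, "phish.example"), query_is_listed(data, "phish.example.com"))
```

Dataset lookups are exact matches on the buffer bytes, so normalise indicators (case, trailing dots) the same way the matched buffer will present them before encoding, and keep sids for generated rules in a range that does not collide with the distributed rule sets.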
Systems Using Suricata
- Amsterdam
Docker-based Suricata, Elasticsearch, Logstash, Kibana and Scirius, aka SELKS.
- Artica
Suricata IDS integration for the
- OPNsense
An open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.
- pfSense
A free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
- SELKS
A Suricata-based intrusion detection system/intrusion prevention system/network security monitoring distribution.
- Shovel
Web interface to explore Suricata EVE outputs, with a primary focus on network analysis in CTF competitions.
Operations, Monitoring and Troubleshooting
- ansible-suricata
Suricata Ansible role (slightly outdated).
- docker-suricata
Suricata Docker image.
- InfluxDB Suricata Input Plugin
Input Plugin for Telegraf to collect and forward Suricata
- MassDeploySuricata
Mass deploy and update Suricata IDPS using Ansible IT automation platform.
- Mauerspecht
Simple Probing Tool for Corporate Walled Garden Networks.
- slinkwatch
Automatic enumeration and maintenance of Suricata monitoring interfaces.
Rule/Security Content Management and Handling
- Aristotle
Simple Python program for filtering and modifying Suricata and Snort rulesets based on the key-value pairs carried in each rule's metadata keyword.
- IOCmite
Tool to build Suricata datasets from the indicators of MISP instances and to add sightings in MISP when an indicator from a dataset generates an alert.
- Lawmaker
Suricata IDS rule and fleet management system.
- luaevilbit
An evil bit (RFC 3514) implementation in LuaJIT for Suricata.
- OTX-Suricata
Create rules and configuration for Suricata to alert on indicators from an OTX account.
- Scirius
Web application for Suricata ruleset management and threat hunting.
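The metadata-driven filtering that Aristotle performs is worth seeing in miniature. As an added example, not Aristotle's own code, the Python below parses the metadata keyword of each rule in a constructed four-rule set, keeps the rules whose key-value pairs satisfy a set of criteria, and comments out the rest, the way a tuned ruleset is typically produced. The sample rules, their sids and the metadata keys (attack_target, signature_severity, deployment) are assumptions chosen for the example.

```python
import re
from typing import Dict, List, Set

# Constructed sample ruleset (not taken from any real ruleset); sids are arbitrary.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE client malware beacon"; flow:established,to_server; http.uri; content:"/gate.php"; classtype:trojan-activity; sid:9000001; rev:2; metadata:attack_target Client_Endpoint, signature_severity Major, deployment Perimeter, created_at 2024_01_10;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SAMPLE ssh scan"; flags:S; threshold:type threshold, track by_src, count 30, seconds 60; classtype:attempted-recon; sid:9000002; rev:1; metadata:attack_target Server, signature_severity Informational, deployment Perimeter;)
# alert dns any any -> any any (msg:"SAMPLE disabled rule"; dns.query; content:"example"; sid:9000003; rev:1; metadata:attack_target Client_Endpoint, signature_severity Minor;)
alert tls any any -> any any (msg:"SAMPLE no metadata"; tls.sni; content:"bad"; sid:9000004; rev:1;)
"""

# Option values cannot contain a raw ';' (it must be escaped), so stopping at ';' is safe.
METADATA_RE = re.compile(r"\bmetadata:\s*([^;]*);")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


def parse_metadata(rule: str) -> Dict[str, List[str]]:
    """Return the rule's metadata as {key: [values]}; a key may repeat."""
    meta: Dict[str, List[str]] = {}
    m = METADATA_RE.search(rule)
    if not m:
        return meta
    for pair in m.group(1).split(","):
        parts = pair.strip().split(None, 1)  # "key value"
        if len(parts) == 2:
            meta.setdefault(parts[0], []).append(parts[1].strip())
    return meta


def matches(meta: Dict[str, List[str]], criteria: Dict[str, Set[str]]) -> bool:
    """Every criteria key must be present with at least one acceptable value.
    A rule without metadata therefore never matches a non-empty filter."""
    return all(any(v in allowed for v in meta.get(k, [])) for k, allowed in criteria.items())


def filter_ruleset(text: str, criteria: Dict[str, Set[str]]) -> str:
    """Return the ruleset with matching rules enabled and all other rules
    commented out. Lines that are not rules (no sid) pass through unchanged."""
    out = []
    for line in text.splitlines():
        body = line.strip().lstrip("#").strip()
        if not body or not SID_RE.search(body):
            out.append(line)
            continue
        out.append(body if matches(parse_metadata(body), criteria) else "# " + body)
    return "\n".join(out) + "\n"


def enabled_sids(text: str) -> List[int]:
    """sids of rules that are active (not commented out) in the ruleset."""
    return [
        int(SID_RE.search(line).group(1))
        for line in text.splitlines()
        if line.strip() and not line.lstrip().startswith("#") and SID_RE.search(line)
    ]


if __name__ == "__main__":
    wanted = {"attack_target": {"Client_Endpoint"}, "signature_severity": {"Major", "Minor"}}
    tuned = filter_ruleset(SAMPLE_RULES, wanted)
    print(tuned, end="")
    print("enabled:", enabled_sids(tuned))
```

Note that the filter re-enables a previously commented-out rule when it matches (sid 9000003 above), which is what you want when the upstream distribution disabled it by default, and that rules lacking metadata are disabled rather than silently kept.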
Misc
- bash_cata
A simple script that processes the Suricata eve-log in real time and, based on alerts, adds an IP address to a MikroTik address list for a specified time so it can be blocked.
- SuriGuard
Web-based management system for Suricata IDS/IPS, featuring advanced analytics and visualization capabilities.
- suriGUI
GUI for Suricata + Qubes OS.
- Suriwire
Wireshark plugin to display Suricata analysis info.
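The pattern behind bash_cata, turning EVE alerts into temporary block entries, needs two safeguards that are easy to miss: never block an address in your own networks (an outbound beacon alert has the victim as src_ip), and give every entry an expiry so a false positive is self-healing. As an added example, not bash_cata's code, the Python below applies both to a constructed batch of EVE lines, choosing the external side of each sufficiently severe alert and extending the expiry when the same address recurs; it also skips a malformed line, which a real-time tail of eve.json produces whenever it reads a partially written record. The home network, timestamps, sids, TTL, list name and the RouterOS `address-list add` command format are assumptions for the example.

```python
import ipaddress
import json
from datetime import datetime, timedelta, timezone

# Constructed EVE lines (not captured from a real sensor); addresses are documentation ranges.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","proto":"TCP","alert":{"action":"allowed","signature_id":9000002,"signature":"SAMPLE ssh scan","severity":3}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"flow","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","proto":"TCP"}
{"timestamp":"2024-05-01T10:01:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"198.51.100.9","proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"SAMPLE client malware beacon","severity":1}}
{"timestamp":"2024-05-01T10:01:30.000000+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.10","proto":"TCP","alert":{"action":"allowed","signature_id":9000005,"signature":"SAMPLE exploit attempt","severity":1}}
{"timestamp":"2024-05-01T10:02:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"192.0.2.20","proto":"TCP","alert":{"action":"allowed","signature_id":9000006,"signature":"SAMPLE internal lateral","severity":1}}
not json at all
"""
HOME_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed HOME_NET for the example
SAMPLE_NOW = datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)  # "current" time used below


def is_home(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in HOME_NETS)


def offending_ip(event: dict, max_severity: int = 2):
    """Return the external address to block for an alert event, or None.
    Severity 1 is the most severe in Suricata's classification scheme."""
    if event.get("event_type") != "alert":
        return None
    if event["alert"].get("severity", 4) > max_severity:
        return None
    src, dst = event["src_ip"], event["dest_ip"]
    if is_home(src) and not is_home(dst):
        return dst  # outbound contact (C2 beacon): the remote side is the offender
    if not is_home(src) and is_home(dst):
        return src  # inbound attack: block the source
    return None  # both internal or both external: never block our own hosts


def process_eve(lines, ttl: timedelta = timedelta(hours=1), max_severity: int = 2) -> dict:
    """Return {ip: expiry datetime}; a repeated alert pushes the expiry out again."""
    entries = {}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial or garbage line, common when tailing a live eve.json
        ip = offending_ip(event, max_severity)
        if ip is None:
            continue
        seen = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        expiry = seen + ttl
        entries[ip] = max(entries[ip], expiry) if ip in entries else expiry
    return entries


def routeros_commands(entries: dict, now: datetime, list_name: str = "suricata-block"):
    """RouterOS commands (format assumed) for entries that have not yet expired;
    the remaining lifetime becomes the address-list timeout."""
    cmds = []
    for ip, expiry in sorted(entries.items()):
        remaining = int((expiry - now).total_seconds())
        if remaining <= 0:
            continue
        cmds.append(
            f"/ip firewall address-list add list={list_name} address={ip} "
            f'timeout={remaining}s comment="suricata"'
        )
    return cmds


if __name__ == "__main__":
    blocked = process_eve(SAMPLE_EVE.splitlines())
    for cmd in routeros_commands(blocked, SAMPLE_NOW):
        print(cmd)
```

Only 198.51.100.9 ends up listed: the scan alert is below the severity cut-off, the flow record is not an alert, the beacon and the exploit attempt both point at the same external host, and the internal lateral-movement alert is left alone because both ends are in HOME_NET.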
Training
- CDMCS
Cyber Defence Monitoring Course: Rule-based Threat Detection.
- Experimental Suricata Training Environment
Suricata Training Environment based on Docker(-Compose).
Simulation and Testing
Analysis Tools
- Evebox
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search.
- Malcolm
A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
- Suricata Analytics
Various resources that are useful when interacting with Suricata data.