82 Open source projects that are alternatives of or similar to Suricata Rules

gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/

A Suricata Docker image.

idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

A Suricata based IDS/IPS distro

An extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS

The tool for updating your Suricata rules.

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

Machine learning based Intrusion detection system (IDS)

BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

An IDS implementation using machine learning

Super short, fully unique, non-sequential and URL-friendly Ids

A website and framework for testing NIDS detection

Zeek IDS Dockerfile

IDS using a port mirror, Snort and an alert -> RESTCONF utility

BSM based intrusion detection system

Ansible playbook automation for pfelk

This project is a SIEM with SIRP and Threat Intel, all in one.

Wazuh - Ruleset

A kubernetes controller running on bare-metal firewalls, creating nftables rules, configures suricata, collects network metrics

pcapdj - dispatch pcap files

Centralize Management of Intrusion Detection System like Suricata Bro Ossec ...

UTM Firewall on OpenBSD

fast, extensible, versatile event router for Suricata's EVE-JSON format

Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.

Wazuh - Kibana plugin

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices

Detect x86 shellcode in files and traffic.

Simple Implementation of Network Intrusion Detection System. KddCup'99 Data set is used for this project. kdd_cup_10_percent is used for training test. correct set is used for test. PCA is used for dimension reduction. SVM and KNN supervised algorithms are the classification algorithms of project. Accuracy : %83.5 For SVM , %80 For KNN

dpdk infrastructure for software acceleration. Currently working on RX and ACL pre-filter

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

❄️ Extract links, ids, and names from a youtube playlist

collector for XDR and security posture service

Wazuh - Ansible playbook

QNSM is network security monitoring framework based on DPDK.

Wazuh - Tools for packages creation

高效的分布式id生成器，每个客户端实例tps可达到100万，服务端毫无压力。即使服务端宕机了，id生成依然可用。支持多数据中心，支持id加密。

Mapping NSM rules to MITRE ATT&CK

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

Wazuh - Amazon AWS Cloudformation

Open Source EDR for Windows

Hashids, ported for Perl

RDP honeypot

Generic Signature Format for SIEM Systems

A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)

Hashids implementation in Rust

** README ** This repo has MOVED to https://github.com/quadrantsec/sagan

Wazuh - Docker containers

Real-time detection and defense against malicious network activity and policy violations (exploits, port-scanners, advertising, telemetry, state surveillance, etc.)

Wazuh - The Open Source Security Platform

A small JavaScript library to generate YouTube-like ids from numbers.

Quantum Insert

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

The DearBytes remote integrity tool is an IDS (Intrusion Detection System) that keeps track of files on a remote server and logs an event if a file gets added, removed or modified.

Easily Expandable Wireless Intrusion Detection System

Suricata git repository maintained by the OISF

A curated list of amazingly awesome Cybersecurity datasets

Pulled Pork for Snort and Suricata rule management (from Google code)

Yara powered NIDS with high speed packet capture powered by PF_RING

🚌 The missing link to connect open-source threat intelligence tools.

An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk