Suricata (software)

Suricata
Developer: Open Information Security Foundation
Stable release: 8.0.2 [1] (6 November 2025) [2]
Repository
Written in: C, Rust
Operating system: FreeBSD, Linux, UNIX, Mac OS X, Microsoft Windows
Type
License: GNU General Public License [3]
Website: suricata.io

Suricata is an open-source network analysis and threat detection software. Its features include an intrusion detection system (IDS) and an intrusion prevention system (IPS), as well as network transaction logging and file extraction. It was developed by the Open Information Security Foundation (OISF). The first standard release was in July 2010. [4] [5] [6]


Features

IDS and IPS

Suricata provides threat detection capabilities. In IDS mode, it analyses the traffic and generates an alert when a signature matches.

In IPS mode, it acts like a firewall. It provides traffic filtering and monitoring and allows network administrators to write and enforce detection rules. [5]

Suricata is able to detect common attack vectors such as port scanning, denial-of-service, pass-the-hash, and brute-force attacks. [5]

Network monitoring

Suricata can be used to monitor network traffic in real time. It can log various types of network transactions, including HTTP, DNS, SMB and TLS sessions.

File extraction

Suricata can extract files from network traffic to disk for further analysis. It supports extraction over protocols such as FTP, HTTP, SMTP and SMB. It can also perform file type identification or hash computation of the files seen on the network without extracting them to disk.

PCAP logging

Suricata can log network traffic in PCAP format for later analysis with tools such as Wireshark. It also supports conditional PCAP logging, where only the traffic of flows in which a rule matched is logged.

Event format

Suricata logs events in the JSON format, which can be easily parsed and analyzed by other tools.
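To show what the JSON event log looks like in practice, and how the transaction logging and file extraction described in the sections above surface in it, here is an added example (not Suricata's own code) that parses a few constructed EVE JSON lines. The sample events, addresses, signature id and the all-zero sha256 are made up for this example; the field names (event_type, alert.signature, alert.severity, fileinfo.sha256, fileinfo.stored) follow the EVE format.

```python
"""Summarise Suricata EVE JSON events (added example, not Suricata's own code).

Suricata writes one JSON object per line to eve.json. The sample lines below
are constructed for this example.
"""
import json
from collections import Counter

# Constructed sample of an eve.json file: two alerts, an HTTP transaction,
# a DNS query and a fileinfo record. All values are made up; the sha256 is a
# placeholder.
SAMPLE_EVE = """\
{"timestamp":"2025-11-06T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"EXAMPLE SSH brute force attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2025-11-06T10:00:01.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/update.bin","http_method":"GET","status":200}}
{"timestamp":"2025-11-06T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2025-11-06T10:00:03.000000+0000","event_type":"fileinfo","src_ip":"93.184.216.34","dest_ip":"10.0.0.5","proto":"TCP","app_proto":"http","fileinfo":{"filename":"/update.bin","magic":"PE32 executable","sha256":"0000000000000000000000000000000000000000000000000000000000000000","size":4096,"stored":true}}
{"timestamp":"2025-11-06T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"EXAMPLE SSH brute force attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
this line is not json and is skipped by the parser
"""


def parse_eve(text):
    """Yield one dict per well-formed JSON line; corrupt lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def summarize(events):
    """Count events per type, count alerts per signature, list stored files."""
    by_type = Counter()
    alerts = Counter()
    files = []
    for ev in events:
        etype = ev.get("event_type", "unknown")
        by_type[etype] += 1
        if etype == "alert":
            a = ev["alert"]
            alerts[(a["signature_id"], a["signature"], a["severity"])] += 1
        elif etype == "fileinfo":
            f = ev["fileinfo"]
            files.append({
                "sha256": f.get("sha256"),
                "magic": f.get("magic"),
                "stored": f.get("stored", False),  # True when written to disk
                "src_ip": ev.get("src_ip"),
                "dest_ip": ev.get("dest_ip"),
            })
    return {"by_type": dict(by_type), "alerts": alerts, "files": files}


if __name__ == "__main__":
    summary = summarize(parse_eve(SAMPLE_EVE))
    print("events by type:", summary["by_type"])
    for (sid, sig, sev), n in summary["alerts"].items():
        print(f"sid {sid} severity {sev}: {n} x {sig}")
    for f in summary["files"]:
        print(f"file {f['magic']} sha256={f['sha256']} stored={f['stored']}")
```

Because every event carries the same top-level keys (timestamp, event_type, src_ip, dest_ip), one reader can route alerts to a SIEM, fileinfo records to a sandbox queue and http/dns records to long-term storage from the same file.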

Release cycle

Typically, a major update of Suricata is released every 2 years. [5]

Ruleset

Suricata uses a ruleset to perform detection and threat analysis. This ruleset is composed of signatures that define which behaviors on the network should trigger an alert event. The ruleset is usually made up of signatures of varying severity. Some are designed to alert on the exploitation of Common Vulnerabilities and Exposures, and some are there only to select interesting events (such as a software update) that could be meaningful during an investigation. [5]
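The following added example (not Suricata's own rule parser) illustrates the structure of a signature as described in this section and the difference between the alert and drop actions discussed under IDS and IPS: a rule header names the action, protocol, addresses, ports and direction, and a parenthesised option list carries the detection keywords, msg, sid and rev. The three rules are constructed for this example, using sids in the 1000000+ range reserved for local rules; a real ruleset uses many more keywords than this parser interprets.

```python
"""Parse Suricata rule syntax into structured records.

Added example, not part of Suricata. Splits the rule header from the
option list, honours quoted strings and escaped characters inside options,
and exposes sid, rev and msg as fields.
"""
import re

# Constructed rules in Suricata's rule language (illustrative only).
SAMPLE_RULES = """\
# comment lines and blank lines are ignored

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE SSH brute force attempt"; flow:to_server; threshold:type threshold, track by_src, count 5, seconds 60; classtype:attempted-admin; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE software update download"; flow:established,to_server; http.uri; content:"/update.bin"; classtype:policy-violation; sid:1000002; rev:2;)
drop tcp any any -> $HOME_NET 445 (msg:"EXAMPLE SMB to internal hosts dropped in IPS mode"; flow:to_server; sid:1000003; rev:1;)
"""

HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<src_port>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dst_port>\S+)\s*"
    r"\((?P<options>.*)\)\s*$"
)


def split_options(opts):
    """Split 'key:value; key; ...' on ';' while respecting quotes and escapes."""
    tokens, cur, in_quote, i = [], [], False, 0
    while i < len(opts):
        ch = opts[i]
        if ch == "\\" and i + 1 < len(opts):  # escaped char such as \" or \;
            cur.append(ch)
            cur.append(opts[i + 1])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            tok = "".join(cur).strip()
            if tok:
                tokens.append(tok)
            cur = []
        else:
            cur.append(ch)
        i += 1
    tail = "".join(cur).strip()
    if tail:
        tokens.append(tail)
    return tokens


def parse_rule(line):
    """Return a dict with the header fields, all options, and sid/rev/msg."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a rule: {line!r}")
    rule = {k: m.group(k) for k in
            ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")}
    options = {}
    for tok in split_options(m.group("options")):
        key, _, value = tok.partition(":")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        options.setdefault(key, []).append(value)  # keywords like content may repeat
    rule["options"] = options
    rule["sid"] = int(options["sid"][0])  # sid is mandatory in Suricata rules
    rule["rev"] = int(options.get("rev", ["0"])[0])
    rule["msg"] = options.get("msg", [""])[0]
    return rule


def parse_rules(text):
    """Parse every non-comment, non-blank line of a rules file."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]


def is_blocking(rule):
    """True for actions that interfere with traffic, which only take effect
    when Suricata runs inline in IPS mode; alert and pass never block."""
    return rule["action"] in {"drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}


if __name__ == "__main__":
    for r in parse_rules(SAMPLE_RULES):
        mode = "IPS (blocks)" if is_blocking(r) else "IDS (alerts only)"
        print(f"sid {r['sid']} rev {r['rev']} {r['action']} {r['proto']} "
              f"{r['src']}:{r['src_port']} {r['direction']} {r['dst']}:{r['dst_port']} "
              f"- {r['msg']} [{mode}]")
```

The first rule shows the threshold keyword that turns a per-packet match into a rate-based alert, the second is a low-severity "interesting event" rule of the kind the section mentions, and the third only has an effect when the engine runs inline.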


References

  1. "Release 8.0.2". 6 November 2025. Retrieved 7 November 2025.
  2. "Releases - OISF/suricata" via GitHub.
  3. "Suricata license".
  4. "New Open Source Intrusion Detector Suricata Released". Slashdot. 2009-12-31. Retrieved 2011-11-08.
  5. Rice-Jones, Joe (March 26, 2025). "5 reasons to use Suricata or Snort for your home lab firewall". XDA Developers.
  6. "Suricata Downloads". Open Security Information Foundation. Retrieved 2011-11-08.