Intrusion Detection System

Host-based intrusion detection system

Suricata is a high performance Network Intrusion Detection and Prevention and Network Security Monitoring engine. Open Sourceopen in new window and owned by a community run non-profit foundation, the Open Information Security Foundation (OISFopen in new window). This tool is developed by the OISF and its supporting vendorsopen in new window.

This Host Intrusion Detection Systems Product is an Open Source Next Generation Intrusion Detection and Prevention Engine. Not intended just to replace or emulate the existing tools in the industry, but it will bring new ideas and technologies to the IT Security field.

OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.

Suricata

The Engine and the HTP Library are available to use under the GPLv2.

The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.

Top 3 Reasons You Should Try this Free IDS Software:

1. Highly Scalable

Multi threaded. This means you can run one instance and it will balance the load of processing across every processor on a sensor Suricata is configured to use. This allows commodity hardware to achieve 10 gigabit speeds on real life traffic without sacrificing ruleset coverage.

2. Protocol Identification

The most common protocols are automatically recognized as the stream starts, thus allowing rule writers to write a rule to the protocol, not to the port expected. This makes Suricata a Malware Command and Control Channel hunter like no other. Off port HTTP CnC channels, which normally slide right by most IDS systems, are child’s play for this great security tool! Furthermore, thanks to dedicated keywords you can match on protocol fields which range from http URI to a SSL certificate identifier.

3. File Identification, MD5 Checksums, and File Extraction

This security tool can identify thousands of file types while crossing your network! Not only can you identify it, but should you decide you want to look at it further you can tag it for extraction and the file will be written to disk with a meta data file describing the capture situation and flow. The file’s MD5 checksum is calculated on the fly, so if you have a list of md5 hashes you want to keep in your network, or want to keep out, this tool can find it.