Suricata is an open source network threat detection engine that provides capabilities including intrusion detection (IDS), intrusion prevention (IPS) and network security monitoring. It does extremely well with deep packet inspection and pattern matching which makes it incredibly useful for threat and attack detection.
While many of its features are similar to Snort's, Suricata differs in several important ways:
- It’s multi-threaded so a single instance can perform at much higher traffic volumes;
- There is more support available for application layer protocols;
- It supports hashing and file extraction; and
- It has hooks for the Lua scripting language, which can be used to modify outputs and even create complex and detailed signature detection logic.
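The Lua hook mentioned in the last point is the one that turns Suricata from a pattern matcher into a programmable detector. The script below is an added example, not code from the original page or from the Suricata project: a Lua match script that fires on packet payloads dominated by a single repeated byte value, a heuristic that a plain `content:` match cannot express. The rule text in the comment, the file name `repeated_byte.lua`, the thresholds, and the sid value are all constructed for the example; the `init`/`match` entry points, the `payload` request, and the `lua:` rule keyword are Suricata's own.

```lua
-- Added example (not from the original page): a Suricata Lua match script.
-- Paired with a rule such as (constructed; sid chosen from the local range):
--   alert tcp any any -> any any (msg:"Payload dominated by a single byte"; \
--       lua:repeated_byte.lua; sid:1000001; rev:1;)
-- Assumes the script is saved as repeated_byte.lua beside the rule file.

local MIN_LEN = 200   -- ignore short payloads (assumed threshold)
local RATIO   = 0.9   -- one byte value must make up >= 90% of the payload

-- init() tells Suricata which buffers the script needs; here the packet payload.
function init(args)
    local needs = {}
    needs["payload"] = tostring(true)
    return needs
end

-- Returns the most frequent byte value and the fraction of the payload it covers.
local function dominant_byte(p)
    local counts = {}
    for i = 1, #p do
        local b = p:byte(i)
        counts[b] = (counts[b] or 0) + 1
    end
    local best, best_n = nil, 0
    for b, n in pairs(counts) do
        if n > best_n then
            best, best_n = b, n
        end
    end
    return best, best_n / #p
end

-- match() is called for each packet the rule's header matches;
-- return 1 to make the rule fire, 0 to stay silent.
function match(args)
    local p = args["payload"]
    if p == nil or #p < MIN_LEN then
        return 0
    end
    local _, share = dominant_byte(p)
    if share >= RATIO then
        return 1
    end
    return 0
end
```

Because `match` only reads the `args` table, the logic can be checked offline with a stock Lua interpreter before it is loaded into Suricata: `match({payload = string.rep("A", 300)})` returns 1, while `match({payload = "short"})` returns 0. Keep the work done per packet small, since a Lua script runs on every packet that reaches the rule and a slow script costs throughput on exactly the multi-threaded engine the page is describing.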