Suricata
High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
Why it is included
OISF-backed engine widely deployed beside Zeek for signature and protocol-aware detection.
Best for
SOC stacks, SPAN/TAP monitoring, and inline prevention where policy allows.
Strengths
- IPS mode
- Eve JSON
- Emerging Threats rules ecosystem
Limitations
- Hardware sizing and TLS inspection have operational cost
Good alternatives
Snort · Zeek
Related tools
Security & Privacy
- Zeek: Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
- Snort: Classic packet-sniffing IDS/IPS with rule language and community rule feeds; Snort 3 improves scaling.
- Wazuh: Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
- Arkime: Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
- OpenCanary: Thinkst low-interaction honeypot daemon emulating services (SSH, HTTP, SMB, etc.) to generate tamper-evident intrusion signals.
- Wireshark: Network protocol analyzer for deep packet inspection and forensic debugging.
