Difference between revisions of "Suricata"

From OnnoWiki
Jump to navigation Jump to search
Line 20: Line 20:
  
  
==Lebih Dalam==
+
==Pranala Menarik==
  
 +
* [[Suricata]]
 +
* [[Suricata (software)]]
 
* [[Suricata: Instalasi di Ubuntu]]
 
* [[Suricata: Instalasi di Ubuntu]]
 
* [[Suricata: Instalasi di Ubuntu 18.04]]
 
* [[Suricata: Instalasi di Ubuntu 18.04]]
Line 27: Line 29:
 
* [[Suricata: Test DDoS Attack]]
 
* [[Suricata: Test DDoS Attack]]
 
* [[Suricata: Konfigurasi Dasar]]
 
* [[Suricata: Konfigurasi Dasar]]
* [[Suricata: Basic Setup]]
 
 
* [[Suricata: Manajemen Rule dengan Oinkmaster]]
 
* [[Suricata: Manajemen Rule dengan Oinkmaster]]
 
* [[Suricata: Instalasi Snorby & barnyard2]]
 
* [[Suricata: Instalasi Snorby & barnyard2]]

Revision as of 10:41, 30 March 2020

Suricata is an opensource network threat detection tool. Suricata uses rules and signatures to detect threat in network traffic. It also supports Lua scripting language that helps it unearth the most complex would be threats in the network. Suricata is a product of Open Information Security Foundation. It is capable of providing NIDS, IPS, NSM and offline pcap processing. It can be integrated with other tools such as BASE, Snorby, Sguil, SQueRT, ELK, SIEM solutions etc.

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Top 3 Reasons You Should Try Suricata:

1. Highly Scalable

Suricata is multi threaded. This means you can run one instance and it will balance the load of processing across every processor on a sensor Suricata is configured to use. This allows commodity hardware to achieve 10 gigabit speeds on real life traffic without sacrificing ruleset coverage.

2. Protocol Identification

The most common protocols are automatically recognized by Suricata as the stream starts, thus allowing rule writers to write a rule to the protocol, not to the port expected. This makes Suricata a Malware Command and Control Channel hunter like no other. Off port HTTP CnC channels, which normally slide right by most IDS systems, are child’s play for Suricata! Furthermore, thanks to dedicated keywords you can match on protocol fields which range from http URI to a SSL certificate identifier.

3. File Identification, MD5 Checksums, and File Extraction

Suricata can identify thousands of file types while crossing your network! Not only can you identify it, but should you decide you want to look at it further you can tag it for extraction and the file will be written to disk with a meta data file describing the capture situation and flow. The file’s MD5 checksum is calculated on the fly, so if you have a list of md5 hashes you want to keep in your network, or want to keep out, Suricata can find it.

Suricata has many more great features, and we hope you give it a run. It’s free, it’s fast, and it’s going to be here long term!


Pranala Menarik

Referensi