Suricata (software)
Suricata is a high-performance network IDS, IPS and network security monitoring engine. Suricata is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Three (3) main reasons to try Suricata:
- Highly Scalable - Suricata is multi-threaded. This means you can run one instance and it will balance the processing load across every processor that the Suricata sensor is configured to use. This allows commodity hardware to reach 10 gigabit speeds on real traffic without sacrificing ruleset coverage.
- Protocol Identification - The most common protocols are automatically recognized by Suricata as the stream starts, allowing rule writers to write a rule to the protocol rather than to the expected port. This makes Suricata a malware command-and-control channel hunter like no other. Off-port HTTP CnC channels, which normally slide right by most IDS systems, are child's play for Suricata! Furthermore, thanks to dedicated keywords you can match on protocol fields ranging from the HTTP URI to an SSL certificate identifier.
- File Identification, MD5 Checksums, and File Extraction - Suricata can identify thousands of file types as they cross your network! Not only can you identify a file, but should you decide you want to look at it further you can tag it for extraction, and the file will be written to disk together with a metadata file describing the capture situation and flow. The file's MD5 checksum is calculated on the fly, so if you have a list of MD5 hashes you want to keep in your network, or want to keep out, Suricata can find them.
Suricata has many more great features, and we hope you give it a run. It’s free, it’s fast, and it’s going to be here long term!
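The protocol identification and on-the-fly MD5 hashing described above surface in Suricata's EVE JSON log as fileinfo events. As an added example (not part of this page or of the Suricata project), the Python below triages such events: it flags files whose MD5 is on a block list, and files that Suricata identified as HTTP on a port where HTTP is not expected. The EVE lines, hashes and port set are constructed for this example; real fileinfo events carry an md5 field only when hashing is enabled in the file-store section of suricata.yaml.

```python
import json

# Constructed EVE JSON lines (one event per line), modelled on Suricata's
# "fileinfo" event type. Addresses, names and hashes are made up.
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "fileinfo", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.7",
                "src_port": 51234, "dest_port": 8443, "app_proto": "http",
                "fileinfo": {"filename": "/update.bin", "magic": "PE32 executable",
                             "md5": "d41d8cd98f00b204e9800998ecf8427e", "stored": True}}),
    json.dumps({"event_type": "fileinfo", "src_ip": "10.0.0.8", "dest_ip": "198.51.100.2",
                "src_port": 40000, "dest_port": 80, "app_proto": "http",
                "fileinfo": {"filename": "/index.html", "magic": "HTML document",
                             "md5": "0cc175b9c0f1b6a831c399e269772661", "stored": False}}),
    # Non-fileinfo event: must be ignored by the triage below.
    json.dumps({"event_type": "alert", "src_ip": "10.0.0.9", "dest_ip": "198.51.100.3"}),
]

# Constructed block list (MD5 of the empty file, used here as a placeholder).
BLOCKED_MD5 = {"d41d8cd98f00b204e9800998ecf8427e"}

# Ports on which HTTP is expected; app_proto "http" elsewhere is off-port HTTP.
EXPECTED_HTTP_PORTS = {80, 8080}


def triage_fileinfo(lines, blocked_md5=BLOCKED_MD5, http_ports=EXPECTED_HTTP_PORTS):
    """Return one finding per fileinfo event that trips at least one check.

    Reasons: 'blocked-md5' when the file hash is on the block list,
    'off-port-http' when Suricata detected HTTP outside the expected ports.
    """
    findings = []
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines instead of aborting
        if ev.get("event_type") != "fileinfo":
            continue
        info = ev.get("fileinfo", {})
        reasons = []
        if info.get("md5", "").lower() in blocked_md5:
            reasons.append("blocked-md5")
        if ev.get("app_proto") == "http" and ev.get("dest_port") not in http_ports:
            reasons.append("off-port-http")
        if reasons:
            findings.append({
                "flow": (ev.get("src_ip"), ev.get("src_port"), ev.get("dest_ip"), ev.get("dest_port")),
                "filename": info.get("filename"), "md5": info.get("md5"),
                "stored": info.get("stored", False), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_fileinfo(SAMPLE_EVE_LINES):
        print(finding)
```

When the file was tagged for extraction, "stored" is true and the file and its metadata can be pulled from the file-store directory for further analysis.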
Further Reading
- Suricata: Installation on Ubuntu
- Suricata: Basic Configuration
- Suricata: Rule Management with Oinkmaster
- Suricata: Installing Snorby & barnyard2