Suricata

Open Information Security Foundation (OISF)
Suricata is a high-performance, open-source network threat detection engine that provides intrusion detection (IDS), intrusion prevention (IPS), and network security monitoring capabilities. It inspects network traffic using a powerful rules language and supports multi-threaded processing for high-speed network environments.
Suricata generates EVE JSON logs containing detailed alert, flow, DNS, HTTP, TLS, and file transaction records. It supports Emerging Threats and other community and commercial rule sets, detecting a wide range of threats including malware communications, exploitation attempts, policy violations, and protocol anomalies. Its rich log output makes it valuable for both real-time alerting and retrospective threat hunting.
Sophos Products: Sophos MDR/XDR Integrations
Partner Technology: Network & Infrastructure Security
Solution Category: Sophos MDR/XDR Integrations