[blog] The Hidden Value of Suricata Detection Events: NSM-Enriched IDS Alerts

Most casual Suricata users don’t understand …

There is a wealth of valuable information contained in a Suricata detection event record (aka “alert”). Beginning in 2014, Suricata, the world’s most popular open-source security engine, has included the complete application-layer metadata in every IDS alert record.

So, it’s all there - right in the alert record.

Despite what some vendor marketing implies, if you’ve got Suricata, there is NO NEED to:

  • perform any external correlation
  • deploy a separate NSM
  • waste CPU cycles by combining two detection engines in the same sensor
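As an added illustration (not code from this post or from the Suricata project), the Python below pulls the application-layer context straight out of EVE JSON alert records, with no lookup into separate protocol or flow logs; the sample records are constructed, and the field names (`app_proto`, `http`, `tls`, `alert.signature_id`) follow Suricata's EVE alert schema.

```python
import json

# Constructed EVE JSON lines (not real sensor output). Alert 1 carries HTTP
# metadata inline, alert 2 TLS metadata, alert 3 fired before the app-layer
# parser identified a protocol, and the last line is a plain http event.
SAMPLE_EVE = r'''
{"timestamp":"2024-01-01T10:00:00.000000+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000001,"rev":1,"signature":"CONSTRUCTED suspicious user agent","category":"Potentially Bad Traffic","severity":2},"app_proto":"http","http":{"hostname":"example.test","url":"/login","http_user_agent":"curl/8.0","http_method":"POST","status":200}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.6","src_port":51235,"dest_ip":"203.0.113.11","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000002,"rev":1,"signature":"CONSTRUCTED self-signed certificate","category":"Potentially Bad Traffic","severity":3},"app_proto":"tls","tls":{"subject":"CN=example.test","issuerdn":"CN=example.test","sni":"example.test","version":"TLS 1.2"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"203.0.113.12","dest_port":4444,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000003,"rev":1,"signature":"CONSTRUCTED unusual port","category":"Misc activity","severity":3}}
{"timestamp":"2024-01-01T10:00:03.000000+0000","flow_id":1,"event_type":"http","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","http":{"hostname":"example.test","url":"/login","http_method":"POST","status":200}}
'''

# Per application protocol, the metadata keys worth showing beside the signature.
CONTEXT_FIELDS = {
    "http": ("hostname", "http_method", "url", "http_user_agent", "status"),
    "tls": ("sni", "subject", "issuerdn", "version"),
    "dns": ("rrname", "rrtype", "rcode"),
}

def enrich_alerts(eve_text):
    """Return one summary dict per alert, using only fields of that alert record."""
    out = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # http/tls/flow events of the same flow are not needed here
        proto = rec.get("app_proto")  # absent, or "failed", when detection did not finish
        meta = rec.get(proto, {}) if proto else {}
        out.append({
            "flow_id": rec["flow_id"],
            "sid": rec["alert"]["signature_id"],
            "signature": rec["alert"]["signature"],
            "tuple": "{src_ip}:{src_port} -> {dest_ip}:{dest_port}/{proto}".format(**rec),
            "app_proto": proto,
            # Empty only when the alert record itself carries no app-layer block.
            "context": {k: meta[k] for k in CONTEXT_FIELDS.get(proto, ()) if k in meta},
        })
    return out

if __name__ == "__main__":
    for a in enrich_alerts(SAMPLE_EVE):
        print(json.dumps(a))
```

An empty `context` marks the one case (no `app_proto` on the alert) where the record itself has nothing to enrich with, which is where the flow and protocol logs keyed on `flow_id` come in.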

Read more in this article by Eric LEBLOND:
