Hi Suricata community,
I’d like to share a project I’ve been building: a custom security firewall powered by Suricata.
The goal of this project was to go beyond a basic IDS/IPS setup and build something more practical for real-world security operations. I wanted a system that not only inspects traffic and detects suspicious behavior, but also provides clearer visibility and a more useful workflow for monitoring and analysis.
This build is currently focused on:
- Real-time traffic inspection
- Detection of suspicious and potentially malicious activity
- Alert generation and analysis
- Rule tuning to improve detection quality
- Reducing unnecessary noise for more actionable monitoring
- Better operational visibility across the network
One of the most valuable parts of working on this project has been learning how to balance detection depth, performance, and maintainability. Instead of treating Suricata as just a passive monitoring tool, I’ve been building around it as a stronger defensive layer that can support more practical day-to-day security use.
The project is still evolving, but I’m very encouraged by the progress so far. It has been a great hands-on experience and a strong opportunity to better understand how Suricata can be used in a more complete and operationally useful way.
I’m sharing this here because I’d be glad to hear feedback from others in the community, especially around:
- performance tuning
- rule management strategy
- alert optimization
- ideas for long-term hardening and deployment
Thank you to the Suricata team for building such a powerful open-source security platform and for making it possible for builders like us to learn, experiment, and create real-world defensive solutions.
Looking forward to your thoughts.
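As a starting point for the "alert optimization" and "reducing unnecessary noise" topics the post asks about, here is an added example (not code from the original post or from the Suricata project) that reads Suricata's eve.json alert records, ranks signatures by how often and from how many sources they fire, and turns the noisiest ones into candidate `threshold.config` lines for an analyst to review. The eve.json field names (`event_type`, `src_ip`, `alert.gid`, `alert.signature_id`, `alert.signature`) and the `threshold gen_id ..., sig_id ..., type limit, track by_src, count ..., seconds ...` syntax are Suricata's; the sample log lines, the signature ids they carry, the `min_count` cut-off and the function names are constructed for this example.

```python
import json

# Constructed sample eve.json lines for this example (not real traffic).
# One signature fires four times from two hosts, another fires once, one
# record is a non-alert flow event, and one line is malformed.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","alert":{"gid":1,"signature_id":2100498,"rev":7,"signature":"SAMPLE RESPONSE id check returned root","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","alert":{"gid":1,"signature_id":2100498,"rev":7,"signature":"SAMPLE RESPONSE id check returned root","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.1","alert":{"gid":1,"signature_id":2100498,"rev":7,"signature":"SAMPLE RESPONSE id check returned root","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.6","dest_ip":"10.0.0.1","alert":{"gid":1,"signature_id":2100498,"rev":7,"signature":"SAMPLE RESPONSE id check returned root","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","alert":{"gid":1,"signature_id":2001219,"rev":20,"signature":"SAMPLE SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.1"}',
    'this line is not valid json',
]


def parse_alerts(lines):
    """Return only alert events; skip other event types and malformed lines."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # eve.json can contain a truncated last line while Suricata is writing it.
            continue
        if event.get("event_type") == "alert" and isinstance(event.get("alert"), dict):
            alerts.append(event)
    return alerts


def summarize_by_signature(alerts):
    """Group alerts by (gid, sid): total count, distinct source hosts, rule name."""
    summary = {}
    for ev in alerts:
        a = ev["alert"]
        key = (a.get("gid", 1), a["signature_id"])
        entry = summary.setdefault(
            key, {"signature": a.get("signature", ""), "count": 0, "src_ips": set()}
        )
        entry["count"] += 1
        entry["src_ips"].add(ev.get("src_ip"))
    return summary


def suggest_threshold_lines(summary, min_count=3, window_seconds=60):
    """Emit threshold.config candidates for signatures that fired >= min_count times.

    'type limit, track by_src, count 1' keeps the first alert per source host per
    window and drops the repeats, so the detection is retained while the noise is
    cut. Each candidate is preceded by a comment so an analyst can judge it.
    """
    lines = []
    ranked = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    for (gid, sid), entry in ranked:
        if entry["count"] < min_count:
            continue
        lines.append(
            f"# {entry['signature']}: {entry['count']} alerts "
            f"from {len(entry['src_ips'])} source(s)"
        )
        lines.append(
            f"threshold gen_id {gid}, sig_id {sid}, type limit, track by_src, "
            f"count 1, seconds {window_seconds}"
        )
    return lines


if __name__ == "__main__":
    # Usage against a live file: replace SAMPLE_EVE_LINES with open("eve.json").
    summary = summarize_by_signature(parse_alerts(SAMPLE_EVE_LINES))
    for line in suggest_threshold_lines(summary):
        print(line)
```

The script only proposes rate limits, never suppressions: a `suppress` entry hides a signature entirely and is a decision that should be made per rule after looking at what the alerts actually were, whereas a `limit` threshold preserves one alert per source per window and is usually safe to apply to a chatty rule.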