Suricata

Monitor your network for any suspicious activity

Request a DemoRead the Docs

App Info

Monitor Suricata logs to gain complete visibility into network activity with Panther’s Suricata integration.

Suricata is both an intrusion detection system (IDS) and intrusion prevention system (IPS) used for network security monitoring. Panther can collect, normalize, and monitor Suricata logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Suricata with Panther include:

  • Identify lookups to suspicious domains that could indicate a phishing attack
  • Monitor traffic on remote access services like SSH, RDP, and more
  • Inspect blocked domains

How it Works

The integration is simple and fast:

  • Send Suricata logs to an S3 bucket using a log aggregation tool like Fluentd or Logstash
  • Add your S3 Bucket as a data source in Panther
  • Panther parses, normalizes, and analyzes your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer (Enterprise only)
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for Suricata.