Open-source tool helps Suricata signature developers with syntax checking and auto-completion
INDIANAPOLIS and PARIS, Jan. 18, 2022 /PRNewswire/ — Stamus Networks, a global provider of high-performance network threat detection and response systems, today announced the general availability of Suricata Language Server (SLS), a new open-source tool that streamlines rule writing for Suricata signature developers. The tool is a Language Server Protocol (LSP) implementation that provides real-time syntax checking, performance guidance, and auto-completion for Suricata IDS signatures inside popular source code editors.
"Signatures are the foundation of all Suricata-based network detection and response (NDR) solutions. But the subtleties of writing signatures for Suricata can be problematic for the threat researcher," said Éric Leblond, co-founder and chief technology officer of Stamus Networks. "A well-written signature can detect advanced attacks and variants with negligible false positives, while a poorly-written signature can negatively impact system performance. So, we developed this tool to help streamline the rule-writing process and ensure the rules are optimized for performance."
The Suricata Language Server is available under the GPLv3 license and is hosted on GitHub. The documentation provides configuration examples for Microsoft Visual Studio Code, Neovim, Sublime Text, and Kate, but the server will work with any editor that supports LSP. For the popular Visual Studio Code, the company released a turnkey plugin on the Visual Studio Marketplace.
To learn more about the Suricata Language Server, read the blog post on the Stamus Networks website detailing the application.
About Stamus Networks
Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. A global provider of high-performance network-based threat detection and response systems, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our solutions are advanced network detection and response systems that expose serious and imminent threats to critical assets and empower rapid response. For more information visit: stamus-networks.com.