Open-source tool helps Suricata signature developers with syntax checking and auto-completion
Stamus Networks, a global provider of high-performance network threat detection and response systems, today announced the general availability of Suricata Language Server (SLS), a new open-source tool that streamlines rule writing for Suricata signature developers. The tool is a Language Server Protocol (LSP) implementation that provides real-time syntax checking, performance guidance, and auto-completion for Suricata IDS signatures from within popular source code editors.
“Signatures are the foundation of all Suricata-based network detection and response (NDR) solutions. But the subtleties of writing signatures for Suricata can be problematic for the threat researcher,” said Éric Leblond, co-founder and chief technology officer of Stamus Networks. “A well-written signature can detect advanced attacks and variants with negligible false positives, while a poorly-written signature can negatively impact system performance. So, we developed this tool to help streamline the rule-writing process and ensure the rules are optimized for performance.”
The Suricata Language Server is available under the GPLv3 license and is hosted on GitHub. The documentation provides configuration examples for Microsoft Visual Studio Code, Neovim, Sublime Text, and Kate, but it will work with any editor that supports LSP. For the popular Visual Studio Code, the company released a turnkey plugin on the Visual Studio Marketplace.