The Suricata Engine is an open-source next-generation intrusion detection and prevention engine. An introduction to an earlier version can be found here: http://www.pulog.org/tools/542/ids-Suricata/. The Suricata Engine and the HTP Library are available under the GPLv2 license. The HTP Library is an HTTP normalization and parsing library that gives the Suricata Engine its advanced HTTP stream processing capabilities. Suricata has now been updated to version 1.2.1; the main changes in the new release are as follows:

  • file name, type inspection and extraction for HTTP
  • filename, fileext, filemagic and filestore keywords added
  • “file” output for storing extracted files to disk
  • file_data keyword support, inspecting normalized, dechunked, decompressed HTTP response body (feature #241)
  • new keyword http_server_body, pcre regex /S option
  • option to enable/disable core dumping from the suricata.yaml (enabled by default)
  • human readable size limit settings in suricata.yaml (bug #333)
  • PF_RING bpf support (requires PF_RING >= 5.2) (feature #334)
  • tos keyword support (feature #364)
  • IPFW IPS mode now supports multiple divert sockets
  • new IPS running modes: Linux and FreeBSD now support “worker” and “autofp”
  • app-layer-events keyword: similar to the decoder-events and stream-events, this will allow matching on HTTP and SMTP events
  • auto detection of checksum offloading per interface (#311)
  • urilen options to match on raw or normalised URI (#341)
  • flow keyword option “only_stream” and “no_stream”
  • unixsock output options for all outputs except unified2 (PoC python script in the qa/ dir) (#250)
  • http_header and http_raw_header now also inspect HTTP response headers (#389, #397)
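To show what the new file-inspection and HTTP keywords look like in practice, here is an added set of rules that is not part of the release announcement or the Suricata project's own rule sets. The sid values, the `$HOME_NET`/`$EXTERNAL_NET` variables, the filenames and the content patterns are assumptions chosen for illustration; `filestore` only writes files if the new “file” output is enabled in suricata.yaml, and the exact `filemagic` string depends on the libmagic database installed on the sensor.

```suricata
# Added example rules for the keywords introduced in Suricata 1.2.1.
# Not from the release notes; sids, variables and patterns are assumptions.
# filestore requires the "file" output to be enabled in suricata.yaml.

# filemagic: classify the file by its content (libmagic), not by the
# name or Content-Type the server advertises, then store it to disk.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"PE executable served over HTTP"; flow:established,to_client; filemagic:"executable for MS Windows"; filestore; classtype:policy-violation; sid:1000001; rev:1;)

# filename / fileext: match on the advertised name. This is attacker-controlled
# metadata, so it is weaker evidence than filemagic.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Download with .scr extension"; flow:established,to_client; fileext:"scr"; filestore; sid:1000002; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Download named update.exe (assumed name)"; flow:established,to_client; filename:"update.exe"; sid:1000003; rev:1;)

# file_data: inspect the normalized response body. Because it is dechunked and
# decompressed first, a chunked or gzip-encoded response still exposes the MZ header.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"MZ header in HTTP response body"; flow:established,to_client; file_data; content:"MZ"; depth:2; sid:1000004; rev:1;)

# http_server_body: the same buffer, used as a content modifier.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"eval(unescape( in HTTP response body"; flow:established,to_client; content:"eval(unescape("; http_server_body; sid:1000005; rev:1;)

# http_header now also covers response headers: a server claiming text/html
# while the body starts with a PE header is worth a look.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"PE file served with text/html Content-Type"; flow:established,to_client; content:"Content-Type|3a| text/html"; http_header; file_data; content:"MZ"; depth:2; sid:1000006; rev:1;)

# urilen with the new raw/norm selector: check the URI before normalization,
# so encoding tricks do not shrink the length being measured.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Raw URI longer than 2048 bytes"; flow:established,to_server; urilen:>2048,raw; sid:1000007; rev:1;)

# tos: match on the IP Type of Service byte (value 8 is an assumed example).
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"Inbound packet with IP ToS 8"; tos:8; sid:1000008; rev:1;)

# flow only_stream: evaluate the match only against reassembled stream data,
# never against individual packets, which avoids duplicate alerts on retransmits.
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"MAIL FROM seen in reassembled SMTP stream"; flow:established,to_server,only_stream; content:"MAIL FROM"; nocase; sid:1000009; rev:1;)
```

Run `suricata -T -c suricata.yaml -S these.rules` (the `-T` test mode and `-S` rule-file option are standard Suricata flags) to check that the rule file parses before deploying it; keywords such as `filemagic` are only available when Suricata was built with libmagic support.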

Tool download: http://www.openinfosecfoundation.org/download/suricata-1.2.1.tar.gz