Overview#

Modern Open-Source IDS Engines like Suricata offers robust network threat detecting capabilities that challenges expensive commercial IDSs, the number of features is growing everyday and thousands of organizations & companies are utilizing Suricata to defend their networks.

When picking an Open-Source IDS, You will benefit from having Freedom from vendors lock-in, being Cost effective, Security, Transparency, Flexibility and much more!

However, one limitation that often Open-Source IDS Engines users faces is the absence of a User Interface from which you can deploy, configure & monitor the services, this becomes a serious issue when you are running multiple IDS deployments in multiple clusters.

Another challenge is managing the Rulesets, As they comes in text files, there is no built-in way to edit them from a UI, rules update becomes prohibitively time-consuming as you will need to merge all changes you have made to the new rules files.

Moreover, since those rules are deployed in text file, the SOC Analysts might not have visibility on them, and won’t be able to tune, enable or disable them without the involvement of the sysadmins.

Lastly, Configuring alerting on IOCs has a learning curve to it and will often suffer from the same issues when you attempt to update your IOCs list, let alone the need for a Threat Intelligence Management Solution and a way to auto-update the IDS with new IOCs.

IDSTower will help you manage Suricata IDS more effectively by solving the above problems and more!, features includes:

  • Central Multi-User Web Interface to deploy, configure & monitor Suricata Clusters.

  • Powerful Rules Management Interface that help you organize rules effectively, import new rules and deploy changes automatically to your IDS hosts.

  • Intelligent Rules Parsing & Transformation capabilities that enables you to tune the rules and carry-forward all the continues improvements your Analysts do on the rules without jeopardizing your ability to update to the latest community-authored rules.

  • Complete IOCs Life-Cycle Management, covering ingestion from feeds, scoring, auto-deployment & auto-expiry, with manual control when needed.

  • Easy-to-Use IOCs Management Interface that gives you total control over enabled IOCs, with integrated references to investigation tools like VirusTotal, IpInfo & SecurityTrails.

  • Out-of-the-box integration with 14 Threat Intelligence feeds (free & commercial) that covers both IDS Rules & indicators of compromise (IOCs), with total control on rule import behavior, update frequency, assigned score & auto-expiry date.

  • Custom Rules and IOCs feeds support, including TAXII/STIX, MISP and generic feeds (Text, CSV , json).

  • and many other features!