Suri Oculus: How the Quest for a Safer Internet Led to the Creation of an Efficient Network Security System
In today’s world, the internet has become an integral part of our lives. However, along with valuable information and opportunities, it has brought numerous unwanted phenomena: spam, intrusive advertisements, phishing sites, and other cyber threats. Confronted with this problem, I realized the need for monitoring and filtering internet traffic to protect my home network. The idea was to create a solution that could be used not only at home but also in a small office network.
Searching for the Optimal Solution
With a modest computer at my disposal—8 GB of RAM and an Intel i3 processor—I understood that resource-intensive solutions were not an option. I chose the Fedora Linux operating system for its stability and flexibility. For traffic filtering, I selected Suricata IDS (https://suricata.io), one of the most effective intrusion detection systems, capable of real-time operation and providing a high level of security.
The Advantages of Suricata
Suricata stands out among other IDS/IPS solutions for its performance and functionality. It supports multithreaded traffic processing, has a flexible rule system, and can analyze high-level protocols, making it the ideal choice for my objectives.
New Challenges
However, using Suricata brought new tasks: I needed to visualize its output, manage rules, and efficiently analyze logs. Existing solutions for these purposes, such as systems based on the ELK stack (Elasticsearch, Logstash, Kibana), were too resource-intensive and unsuitable for my hardware.
Creating Suri Oculus
Realizing there were no ready-made solutions, I decided to develop my own system. This led to the creation of Suri Oculus (https://suri-oculus.com)—a high-performance IDS/IPS log management and analysis system built on Suricata and the Pistache framework (C++), using Redis as the database.
Key Features of Suri Oculus
Suricata Event Processing: User-friendly tools for viewing, analyzing, and searching logs, including quick access to the fast.log file for instant event display.
Rule Management: Ability to edit, delete, add, and block Suricata rules, tailoring the system to specific security requirements.
Custom Rules: Creation of additional rules to block certain types of sites and connections, such as social networks or advertising platforms.
Indicators of Compromise (IoC): Integration of up-to-date indicators to enhance threat detection efficiency and automate incident response.
Statistics and Analytics: Detailed analysis of network traffic, attacks, and other key security parameters.
Update Management: Support for automatic and manual updates of Suricata rules, as well as the creation of new ones based on observed activity.
Suricata Control: Convenient commands for restarting, stopping, and starting Suricata, simplifying switching between IDS and IPS modes.
Technical Aspects of Development
Performance and Efficiency: Core components are written in C++ and Rust, ensuring high data processing speeds and low resource consumption.
Using Redis: Choosing Redis as the database accelerated data access and enhanced overall system performance.
Resource Optimization: Code and system architecture optimization ensured minimal memory usage, making Suri Oculus suitable for devices with varying specifications.
Scalability and Flexibility: The system’s architecture allows easy adaptation to individual needs and network scales.
System Components
Log Parser: A daemon service that processes data from the eve.json file, classifying them by event types for convenient analysis.
Backend: Developed in C++ using Pistache, it handles event processing, rule management, and access to statistical data.
Frontend: A web interface built with HTML and JavaScript, providing easy interaction with the system and access to all its features.
Oculus Tools: A set of Rust-based tools for managing rules and working with datasets, enhancing performance and security.
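To make the Log Parser's job concrete, here is an added example (not Suri Oculus code, and written in Python rather than the project's C++ for brevity) that reads Suricata EVE JSON lines, classifies them by event_type as the parser component above does, summarizes alerts by signature and action, and renders an alert in the layout of fast.log for quick display. The sample lines, IPs, signature IDs and signature names are constructed for the example; the field names follow Suricata's EVE JSON schema (timestamp, event_type, src_ip, dest_ip, proto, alert.signature_id, alert.signature, alert.category, alert.severity, alert.action). Malformed lines are skipped rather than aborting the run, since a daemon tailing a live log regularly sees a partially written last line.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample eve.json lines (not real traffic), one JSON object per
# line as Suricata writes them. One deliberately broken line is included to
# show that the parser tolerates a partially written record.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":54321,'
    '"dest_ip":"198.51.100.5","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,'
    '"signature_id":9000001,"rev":1,"signature":"CONSTRUCTED social network access","category":"Policy Violation","severity":3}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"dns","src_ip":"192.0.2.10","src_port":40000,'
    '"dest_ip":"192.0.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":4444,'
    '"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"action":"blocked","gid":1,'
    '"signature_id":9000002,"rev":2,"signature":"CONSTRUCTED inbound scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"http","src_ip":"192.0.2.10","src_port":54322,'
    '"dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP","http":{"hostname":"example.org","url":"/","http_method":"GET","status":200}}',
    '{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"203.0.11',  # truncated write
    '{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":4445,'
    '"dest_ip":"192.0.2.10","dest_port":23,"proto":"TCP","alert":{"action":"blocked","gid":1,'
    '"signature_id":9000002,"rev":2,"signature":"CONSTRUCTED inbound scan","category":"Attempted Information Leak","severity":2}}',
]


def parse_eve_lines(lines):
    """Yield parsed EVE event dicts, skipping blank, malformed or untyped lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial or corrupt record: drop it, keep the daemon alive
        if isinstance(event, dict) and isinstance(event.get("event_type"), str):
            yield event


def classify_by_event_type(events):
    """Group events into buckets keyed by event_type (alert, dns, http, ...)."""
    buckets = defaultdict(list)
    for event in events:
        buckets[event["event_type"]].append(event)
    return dict(buckets)


def alert_summary(alerts):
    """Count alerts by (signature_id, signature, action) for a statistics view."""
    counter = Counter()
    for event in alerts:
        alert = event.get("alert", {})
        counter[(alert.get("signature_id"), alert.get("signature"), alert.get("action"))] += 1
    return counter


def to_fast_log_line(event):
    """Render an alert event in fast.log layout for instant display.

    fast.log uses MM/DD/YYYY-HH:MM:SS.ffffff, then [gid:sid:rev], the signature,
    classification, priority, protocol and the 5-tuple endpoints.
    """
    alert = event["alert"]
    ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    stamp = ts.strftime("%m/%d/%Y-%H:%M:%S.%f")
    return (
        f"{stamp}  [**] [{alert['gid']}:{alert['signature_id']}:{alert['rev']}] "
        f"{alert['signature']} [**] [Classification: {alert['category']}] "
        f"[Priority: {alert['severity']}] {{{event['proto']}}} "
        f"{event['src_ip']}:{event['src_port']} -> {event['dest_ip']}:{event['dest_port']}"
    )


def process(lines):
    """Full pipeline: parse, classify, summarize alerts, render fast.log lines."""
    buckets = classify_by_event_type(parse_eve_lines(lines))
    alerts = buckets.get("alert", [])
    return {
        "counts": {etype: len(evs) for etype, evs in buckets.items()},
        "alert_summary": alert_summary(alerts),
        "fast_log": [to_fast_log_line(a) for a in alerts],
    }


if __name__ == "__main__":
    result = process(SAMPLE_EVE_LINES)
    print(result["counts"])
    for key, n in result["alert_summary"].items():
        print(n, key)
    print("\n".join(result["fast_log"]))
```

In a daemon the same functions would be fed from a file tailed with a retained offset instead of the in-memory list; the per-type buckets map naturally onto separate Redis keys or streams, which is what makes later lookups by event type cheap.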
Plans and Prospects
Currently, Suri Oculus is undergoing active testing and further development. Upcoming plans include integrating an artificial intelligence module to improve threat detection and prevention.
The Importance of Feedback
We believe that collaboration with the user community will help make Suri Oculus even more effective and user-friendly. Your feedback, suggestions, and comments are extremely valuable to us. We invite all interested parties to visit our website and join the project’s development: https://suri-oculus.com.
Conclusion
The journey to creating Suri Oculus began with a simple idea of protecting my network and evolved into developing a full-fledged network security system. This project demonstrates that even with limited resources, it’s possible to create effective solutions capable of competing with major market products. We hope that Suri Oculus will become a useful tool for many and help make the internet a safer place for everyone.