Suricata Flow Analytics
Suricata Flow Analytics — Deep Analysis of Network Flow Events
Suri Oculus provides advanced Suricata Flow Analytics that help security engineers understand network behavior, detect anomalies, analyze communication patterns, and identify suspicious hosts. The module processes flow events in real time and is optimized for both high-performance servers and low-power devices.
Real-Time Flow Event Processing
Suricata's EVE output writes flow events to Redis, and Suri Oculus consumes them from there rather than from a log file on disk. This path gives:
minimal latency
high throughput
low CPU overhead
consistent real-time performance
Suri Oculus visualizes flow activity as events arrive, with filtering and navigation across hundreds of thousands of events.
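The Suricata side of this pipeline, shown as an added example rather than Suri Oculus's own shipped configuration: an eve-log output in suricata.yaml that pushes only flow events into a Redis list. The server address, port and key name are placeholders; Suricata must be built with Redis support (libhiredis) for the redis filetype to be available.

```yaml
outputs:
  - eve-log:
      enabled: yes
      filetype: redis          # instead of the default "regular" file output
      redis:
        server: 127.0.0.1      # assumed: Redis reachable on the local host
        port: 6379
        async: true            # do not block the packet path on Redis replies
        mode: list             # alias for lpush; "channel"/"publish" uses pub/sub instead
        key: suricata-flow     # assumed key name; the consumer must read the same key
      types:
        - flow                 # emit only flow records on this output
```

Two operational caveats follow from the mode choice. In list mode the events are queued in Redis until a consumer pops them, so a stalled consumer lets the list (and Redis memory) grow without bound; in publish mode nothing is queued and events emitted while no subscriber is connected are lost. Pick the mode to match how the consumer handles downtime, and keep a separate file output for alerts if those must survive a Redis outage.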
Behavioral Metrics and Flow Profiles
Each flow event contains valuable behavioral metadata.
Suri Oculus extracts and processes:
packet/byte counters
timing intervals
protocol distribution
directionality (separate to-server and to-client packet and byte counters)
session duration
TCP flags
state transitions
deviations from the usual pattern, derived from the metrics above (for example, unanswered connection attempts or upload-heavy sessions)
These metrics allow engineers to identify abnormal behavior quickly.
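The extraction step described above, as an added example in Python that is not Suri Oculus's own code: it parses EVE flow records as Suricata emits them (the flow object with per-direction counters, start/end timestamps and state, plus the tcp object with the hex tcp_flags field) and turns each one into a behavioral feature record. The three EVE lines are constructed for this example, not taken from a real capture, and the derived feature names (upload_ratio, avg_pkt_bytes, unanswered) are this example's own choices.

```python
import json
from datetime import datetime

# TCP flag bits as Suricata encodes them in the hex "tcp_flags" field.
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
                 (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]

# Constructed sample EVE flow records (not from a real capture): a short HTTPS
# session, a SYN probe that was never answered, and a long upload-heavy session.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-03-01T10:00:05.120000+0000","flow_id":1,"event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":443,'
    '"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":12,"pkts_toclient":10,'
    '"bytes_toserver":1860,"bytes_toclient":7120,"start":"2024-03-01T10:00:00.000000+0000",'
    '"end":"2024-03-01T10:00:05.120000+0000","age":5,"state":"closed","reason":"timeout",'
    '"alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b",'
    '"syn":true,"fin":true,"psh":true,"ack":true,"state":"closed"}}',
    '{"timestamp":"2024-03-01T10:01:00.000000+0000","flow_id":2,"event_type":"flow",'
    '"src_ip":"10.0.0.7","src_port":40001,"dest_ip":"10.0.0.20","dest_port":22,'
    '"proto":"TCP","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":60,'
    '"bytes_toclient":0,"start":"2024-03-01T10:00:30.000000+0000",'
    '"end":"2024-03-01T10:00:30.000000+0000","age":0,"state":"new","reason":"timeout",'
    '"alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00",'
    '"syn":true,"state":"syn_sent"}}',
    '{"timestamp":"2024-03-01T10:40:00.000000+0000","flow_id":3,"event_type":"flow",'
    '"src_ip":"10.0.0.9","src_port":52222,"dest_ip":"203.0.113.77","dest_port":443,'
    '"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":4000,"pkts_toclient":1500,'
    '"bytes_toserver":5600000,"bytes_toclient":90000,"start":"2024-03-01T10:00:00.000000+0000",'
    '"end":"2024-03-01T10:40:00.000000+0000","age":2400,"state":"closed","reason":"timeout",'
    '"alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b",'
    '"syn":true,"fin":true,"psh":true,"ack":true,"state":"closed"}}',
])


def parse_ts(value: str) -> datetime:
    """Parse Suricata's EVE timestamp layout, e.g. 2024-03-01T10:00:00.000000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def decode_tcp_flags(hex_flags: str) -> list:
    """Turn the hex tcp_flags value into the list of flag names that are set."""
    bits = int(hex_flags, 16)
    return [name for bit, name in TCP_FLAG_BITS if bits & bit]


def flow_features(event: dict) -> dict:
    """Derive a behavioral feature record from one EVE flow event."""
    f = event["flow"]
    duration = (parse_ts(f["end"]) - parse_ts(f["start"])).total_seconds()
    pkts = f["pkts_toserver"] + f["pkts_toclient"]
    total_bytes = f["bytes_toserver"] + f["bytes_toclient"]
    tcp = event.get("tcp", {})          # absent for UDP/ICMP flows
    return {
        "flow_id": event["flow_id"],
        "src": f'{event["src_ip"]}:{event["src_port"]}',
        "dst": f'{event["dest_ip"]}:{event["dest_port"]}',
        "proto": event["proto"],
        "app_proto": event.get("app_proto", "unknown"),
        "duration_s": duration,
        "pkts_toserver": f["pkts_toserver"],
        "pkts_toclient": f["pkts_toclient"],
        "bytes_toserver": f["bytes_toserver"],
        "bytes_toclient": f["bytes_toclient"],
        # Example-defined ratios: >1 means the client sent more than it received.
        "upload_ratio": f["bytes_toserver"] / max(f["bytes_toclient"], 1),
        "avg_pkt_bytes": total_bytes / max(pkts, 1),
        "tcp_flags": decode_tcp_flags(tcp["tcp_flags"]) if "tcp_flags" in tcp else [],
        "state": f.get("state"),
        # No packets back at all: a scan probe, a firewalled port or a dead host.
        "unanswered": f["pkts_toclient"] == 0,
    }


def features_from_eve(text: str) -> list:
    """Parse newline-delimited EVE JSON and keep only flow events."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("event_type") == "flow":
            records.append(flow_features(event))
    return records


if __name__ == "__main__":
    for feat in features_from_eve(SAMPLE_EVE):
        print(feat["flow_id"], feat["src"], "->", feat["dst"], feat["duration_s"],
              feat["tcp_flags"], "unanswered" if feat["unanswered"] else "")
```

The duration is computed from flow.start and flow.end rather than taken from flow.age because age is truncated to whole seconds; the sub-second figure matters when looking at scan timing. Flows without a tcp object (UDP, ICMP) still produce a record, with an empty flag list.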
AI-Powered Flow Anomaly Detection
Integrated with the AI module, Flow Analytics supports:
flow-level anomaly scoring
behavioral clustering
identification of outlier sessions
deviations from baseline profiles
rapid detection of suspicious communication
Anomaly scoring uses an Isolation Forest model, trained on real flow datasets and tuned to the feature set that Suricata flow events provide.
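To show what flow-level Isolation Forest scoring does, here is an added example, not Suri Oculus's model or training data: a minimal pure-Python Isolation Forest (random axis-aligned splits, path-length normalisation as in the original algorithm) fitted on constructed flow feature vectors of the form (duration_s, bytes_toserver, bytes_toclient, packets). Forty ordinary web sessions are generated from a seeded generator and one long upload-heavy session is added; the example then scores every session so the outlier can be compared with the baseline.

```python
import math
import random

EULER_GAMMA = 0.5772156649


def avg_path_length(n: int) -> float:
    """c(n): expected path length of an unsuccessful BST search; normalises scores."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def build_tree(points, depth, max_depth, rng):
    """Recursively isolate points with a random split on a random non-constant axis."""
    n = len(points)
    if depth >= max_depth or n <= 1:
        return ("leaf", n)
    dims = [d for d in range(len(points[0]))
            if min(p[d] for p in points) < max(p[d] for p in points)]
    if not dims:                      # remaining points are identical on every axis
        return ("leaf", n)
    d = rng.choice(dims)
    lo, hi = min(p[d] for p in points), max(p[d] for p in points)
    split = rng.uniform(lo, hi)
    left = [p for p in points if p[d] < split]
    right = [p for p in points if p[d] >= split]
    return ("node", d, split,
            build_tree(left, depth + 1, max_depth, rng),
            build_tree(right, depth + 1, max_depth, rng))


def path_length(tree, x, depth=0) -> float:
    """Depth at which x lands, plus the c(n) estimate for an unsplit leaf."""
    if tree[0] == "leaf":
        return depth + avg_path_length(tree[1])
    _, d, split, left, right = tree
    return path_length(left if x[d] < split else right, x, depth + 1)


class IsolationForest:
    def __init__(self, n_trees=100, sample_size=256, seed=0):
        self.n_trees = n_trees
        self.sample_size = sample_size
        self.rng = random.Random(seed)
        self.trees, self.psi = [], 0

    def fit(self, X):
        if not X:
            raise ValueError("need at least one sample")
        self.psi = min(self.sample_size, len(X))
        max_depth = math.ceil(math.log2(self.psi))
        self.trees = [build_tree(self.rng.sample(X, self.psi), 0, max_depth, self.rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, x) -> float:
        """Anomaly score in (0, 1): short average paths (easily isolated) score high."""
        e_h = sum(path_length(t, x) for t in self.trees) / self.n_trees
        return 2.0 ** (-e_h / avg_path_length(self.psi))


def sample_flow_vectors(seed=1):
    """Constructed feature vectors (duration_s, bytes_toserver, bytes_toclient, pkts):
    40 ordinary browsing sessions plus one 40-minute, upload-heavy session."""
    rng = random.Random(seed)
    normal = [(rng.uniform(0.5, 30.0), rng.randint(500, 5000),
               rng.randint(2000, 60000), rng.randint(10, 120)) for _ in range(40)]
    outlier = (2400.0, 5_600_000, 90_000, 5500)
    return normal, outlier


def score_sample_flows() -> dict:
    """Fit on all sessions (baseline plus the unknown one) and compare scores."""
    normal, outlier = sample_flow_vectors()
    forest = IsolationForest(n_trees=100, seed=0).fit(normal + [outlier])
    normal_scores = [forest.score(v) for v in normal]
    return {
        "max_normal": max(normal_scores),
        "mean_normal": sum(normal_scores) / len(normal_scores),
        "outlier": forest.score(outlier),
    }


if __name__ == "__main__":
    print(score_sample_flows())
```

Two points a practitioner should take from this. Scores are only comparable within one fitted forest: with a small subsample the baseline sessions themselves land above 0.5, so a fixed threshold lifted from the literature is unreliable, and ranking flows against the baseline (or calibrating the threshold on a clean baseline window) is the workable approach. Isolation Forest needs no feature scaling, which is why raw byte and packet counts of very different magnitudes can be fed in directly, as here.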
Designed for Low-Power Hardware
Flow Analytics is optimized for systems with limited resources:
small office routers
home network appliances
ARM-based boards
cloud micro-instances
The UI is written in plain JavaScript with no heavy front-end framework, so it renders quickly on these devices.
Related Modules
Explore other modules:
AI Traffic Analysis – /suricata-ai-analysis
Suricata TLS Analysis – /suricata-tls-analysis
Suricata Dashboard – /suricata-dashboard
Log Viewer – /suricata-log-viewer
External Resources
Learn more about Suricata flow events:
Suricata documentation – https://suricata.io/documentation/