February 7, 2026 By Sergey

How does Suri Oculus differ from “pure” Suricata?

Suricata is an IDS/IPS engine. It analyzes network traffic and writes events to logs.
Suri Oculus is a management and analytics layer built around Suricata.

Key differences:

  • centralized management of Suricata (configuration, modes, rules);
  • storage and processing of events via Redis instead of working directly with eve.json;
  • a web interface for analysis, filtering, and visualization;
  • AI modules for anomaly detection (Flow, DNS, TLS, HTTP, etc.);
  • designed to run on low- and mid-range hardware.

In simple terms: Suricata is a sensor; Suri Oculus is an observation and analysis system.