I was looking at the GitHub repositories and came across the Docker containers. I really liked the Zeek container and plan on experimenting with it. Does anyone know if a Suricata container is available, or where a good source for one is?

Please find the list of Suricata Docker Containers


Our next major release of RockNSM will be solely container based, supporting both single-node and multi-node deployments like we have today. We haven’t published the Suricata container yet, but it should be along soon. We already have a branch of RockNSM that is actively used in production running in Kubernetes across multiple nodes. We’re trying to ensure we address the smaller resource use-cases, as we don’t want to abandon the focused mission sets.

For now, you’ll just have to stay tuned. It’s coming.

Wow, that sounds amazing. I know I was watching the BroCon 2018 presentation on deploying the containers using Kubernetes, though I can see what you are saying about the smaller use-cases. Now my current client is worried about the security aspects of using containers; it seems some are still a bit frigid to the idea. In my opinion, using the proper container monitoring systems should negate any special security concerns beyond the threat levels of other, more traditional systems.



Security is our utmost priority, which is why it’s been slowly progressing. There are some great improvements coming out of the container runtime communities, particularly out of the merging of Red Hat and Fedora with CoreOS, which provides a great security foundation as a container runtime platform. Namely, it still runs SELinux (uber important in my book) and provides an immutable operating system. The RockNSM developers have been working with the CoreOS developers to ensure it will work well for an immutable sensor platform, both stand-alone and as a Kubernetes cluster.

Lots of work to do still, but I’m excited.
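The thread raises two practical questions for anyone running a Suricata (or Zeek) sensor in a container before RockNSM publishes its own image: whether the container runtime keeps SELinux confinement, and what the "proper monitoring" of a container's security posture actually checks. The script below is an added example, not RockNSM code and not from the thread's authors. It audits the JSON that `docker inspect <container>` prints, using the real Docker Engine field names (`HostConfig.Privileged`, `ReadonlyRootfs`, `SecurityOpt`, `CapAdd`, `PidMode`) and flags the settings a sensor operator should not accept. The two sample documents are constructed for this example, and the set of capabilities treated as legitimate for a packet-capture sensor (`NET_ADMIN`, `NET_RAW`) is an assumption you should adjust to your own deployment.

```python
"""Audit a container's HostConfig for the hardening a network sensor should keep.

Added example for this thread; not RockNSM code. It reads the JSON printed by
`docker inspect <container>` (pipe it in, or load it from a file) and returns a
list of findings. The field names are the Docker Engine API ones; the sample
documents below are constructed to exercise the checks.
"""
import json
import sys

# Constructed sample of a badly configured capture container. Not a real
# RockNSM configuration; values chosen to trigger every check.
WEAK_INSPECT = json.dumps([{
    "Name": "/suricata",
    "HostConfig": {
        "Privileged": True,
        "ReadonlyRootfs": False,
        "SecurityOpt": ["label=disable", "seccomp=unconfined"],
        "CapAdd": ["NET_ADMIN", "NET_RAW", "SYS_ADMIN"],
        "NetworkMode": "host",
        "PidMode": "host",
    },
}])

# Constructed sample of the same sensor with the findings addressed. Host
# networking stays: a sniffing sensor needs the host's interfaces.
HARDENED_INSPECT = json.dumps([{
    "Name": "/suricata",
    "HostConfig": {
        "Privileged": False,
        "ReadonlyRootfs": True,
        "SecurityOpt": ["no-new-privileges"],
        "CapAdd": ["NET_ADMIN", "NET_RAW"],
        "NetworkMode": "host",
        "PidMode": "",
    },
}])

# Assumption: a packet sensor needs only these two capabilities. Anything
# beyond them (SYS_ADMIN, SYS_PTRACE, ...) widens the blast radius of a parser bug.
ALLOWED_CAPS = {"NET_ADMIN", "NET_RAW"}


def audit_host_config(inspect_json: str) -> list:
    """Return one finding string per weakening setting found in the inspect output."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        hc = container.get("HostConfig") or {}
        secopt = hc.get("SecurityOpt") or []

        if hc.get("Privileged"):
            findings.append(f"{name}: Privileged=true grants every capability and all host devices; "
                            "use explicit CapAdd instead")
        if not hc.get("ReadonlyRootfs"):
            findings.append(f"{name}: root filesystem is writable; set ReadonlyRootfs and mount only "
                            "log and rule paths read-write")
        # `--security-opt label=disable` turns off the SELinux confinement the thread
        # calls essential; the container then runs unconfined (spc_t) on the host.
        if any(o in ("label=disable", "label:disable") for o in secopt):
            findings.append(f"{name}: SELinux labeling disabled via SecurityOpt label=disable")
        if any(o in ("seccomp=unconfined", "seccomp:unconfined") for o in secopt):
            findings.append(f"{name}: default seccomp profile disabled")
        if not any(o.startswith("no-new-privileges") for o in secopt):
            findings.append(f"{name}: no-new-privileges not set; setuid binaries inside the image "
                            "can still escalate")
        extra = sorted(set(hc.get("CapAdd") or []) - ALLOWED_CAPS)
        if extra:
            findings.append(f"{name}: capabilities beyond packet capture: {', '.join(extra)}")
        if hc.get("PidMode") == "host":
            findings.append(f"{name}: shares the host PID namespace")
    return findings


if __name__ == "__main__":
    # Usage: docker inspect suricata | python audit_sensor_container.py
    data = sys.stdin.read() if not sys.stdin.isatty() else WEAK_INSPECT
    for finding in audit_host_config(data) or ["no findings"]:
        print(finding)
```

Run it against the real container with `docker inspect suricata | python audit_sensor_container.py`. The checks are deliberately conservative: host networking is not flagged because a sensor needs the host's capture interfaces, and SELinux confinement is only reported when it has been explicitly switched off, since on a host where `getenforce` reports `Enforcing` the runtime labels the container by default.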