Stamus Networks Unveils Suricata Language Server 2.0
Stamus Networks, a leader in Suricata-based network security, has released the latest version of their open-source tool, Suricata Language Server (SLS) 2.0. This significant update introduces advanced features that enhance the rule development process, reduce errors, and streamline validation for large-scale Suricata deployments.
Key Features of SLS 2.0
SLS 2.0 is designed to support modern detection engineering workflows, integrating artificial intelligence (AI) capabilities that assist users in writing and explaining Suricata signatures. Unlike conventional large language models (LLMs), which can offer approximations and may lack reliable validation, SLS 2.0 automatically checks the syntax and compliance of generated signatures. This ensures developers can trust the outputs that the tool provides.
Automated GitHub Actions
In today’s fast-paced environment, effective validation systems are crucial for engineering workflows. SLS 2.0 meets this need by incorporating GitHub Actions, which automatically verify signatures within repositories. This integration allows automated quality checks in CI/CD pipelines, ensuring that builds fail on any syntax errors or warnings.
Signature ID Tracking
One of the standout features of SLS 2.0 is its ability to track Signature IDs (SIDs) across the workspace. The tool automatically flags conflicts between rule files, alerting engineers immediately to any duplicate SIDs. This proactive approach not only enhances deployment accuracy but also improves the integrity of the overall rule set.
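A minimal sketch of the kind of cross-file duplicate-SID check described above, added here as an illustration; it is not SLS code or Stamus Networks' implementation. The file names, rules, SIDs and function names are constructed for the example.

```python
import re
from collections import defaultdict

# Quoted option values; blanked before matching so "sid:" inside content is ignored.
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')
SID_RE = re.compile(r"[;(]\s*sid\s*:\s*(\d+)\s*;")
# Constructed sample workspace (file name -> contents); not real rules.
WORKSPACE = {
    "local.rules": (
        'alert http any any -> any any (msg:"Constructed A"; '
        'content:"sid:9000003;"; sid:9000001; rev:1;)\n'
        '# alert dns any any -> any any (msg:"Disabled"; sid:9000002; rev:1;)\n'
    ),
    "team.rules": (
        'alert tls any any -> any any (msg:"Constructed B"; \\\n'
        '    tls.sni; content:"example.test"; sid:9000001; rev:2;)\n'
        'alert dns any any -> any any (msg:"Constructed C"; sid:9000002; rev:1;)\n'
        'alert tcp any any -> any any (msg:"Constructed D"; sid:9000003; rev:1;)\n'
    ),
}

def iter_rules(text):
    """Yield (first_line_number, rule) per active rule, joining backslash continuations."""
    buf, start = "", 0
    for num, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not buf:
            if not stripped or stripped.startswith("#"):
                continue  # blank line or disabled (commented-out) rule
            start = num
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf = ""

def find_duplicate_sids(workspace):
    """Return {sid: [(file, line), ...]} for sids used by more than one active rule."""
    seen = defaultdict(list)
    for name, text in workspace.items():
        for line_no, rule in iter_rules(text):
            match = SID_RE.search(STRING_RE.sub('""', rule))
            if match:
                seen[int(match.group(1))].append((name, line_no))
    return {sid: locs for sid, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    conflicts = find_duplicate_sids(WORKSPACE)
    print(conflicts)
    raise SystemExit(1 if conflicts else 0)  # non-zero exit fails a CI job
```

Only SID 9000001 is reported: the commented-out rule and the `sid:` text inside a `content` string do not count as conflicts.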
Real-Time Diagnostics
With real-time validation, SLS 2.0 analyzes rules directly from the editor’s buffer, providing instant feedback without needing to save files. Additionally, the tool highlights deprecated Suricata keywords right in the editor, guiding teams in modernizing syntax and phasing out outdated constructs.
Modernized Architecture
The architectural overhaul of SLS 2.0 includes a complete migration to pygls 2.0+, simplifying the code and eliminating the need for custom handling of the language server protocol. This refined architecture not only boosts reliability and performance but also paves the way for future enhancements.
Eric Leblond, co-founder and CTO of Stamus Networks, emphasized that as detection engineering becomes more complex, integrating CI workflows and AI-driven capabilities into Suricata rule development is vital. This improvement enables detection engineers to validate signatures effectively before production and take full advantage of AI assistance as Suricata syntax evolves.
Installation and Resources
Suricata Language Server 2.0 is now available for users. Comprehensive documentation, release details, and installation instructions can be found on Stamus Networks’ official website. For more insights, visit the SLS 2.0 Blog.
About Stamus Networks
Stamus Networks stands at the forefront of Suricata-based network security solutions, having developed the innovative Clear NDR® system. This product aims to fill visibility gaps and minimize alert fatigue, transforming network traffic into actionable security intelligence. Trusted by leading financial institutions and government agencies, Stamus has proven its effectiveness over nine years, participating in significant NATO cybersecurity exercises. By empowering security teams, Stamus Networks delivers clarity amidst complexity, ensuring better control with fewer false positives and quicker response times.