Product Update, June 2026

Introducing Suricata IDS — 40,000+ Signatures Now Built In

NetNerve now runs Suricata IDS alongside its AI behavioral engine, providing signature-verified threat detection with automated MITRE ATT&CK mapping for every upload.

When we first built NetNerve, our goal was to make packet analysis accessible using Artificial Intelligence. LLMs are incredible at spotting behavioral anomalies, summarizing traffic flows, and explaining complex network events in plain English.

However, while AI excels at behavioral heuristics, it can sometimes miss highly specific, known attack vectors that require exact byte-matching signatures. That's why today, we're thrilled to announce our biggest backend upgrade yet: Full Suricata IDS Integration.

The Best of Both Worlds

Starting today for all Forensics tier users, every .pcap or .pcapng file uploaded to NetNerve is analyzed by a dual-engine pipeline:

The AI Engine

Continues to provide high-level summaries, behavioral analysis, and natural language explanations of your traffic.

The Suricata Engine

Scans the raw packets against over 40,000 active Emerging Threats (ET) signatures and our own custom ruleset.

Automated MITRE ATT&CK Mapping

Raw IDS alerts can be noisy and overwhelming. To solve this, we've built a translation layer that correlates Suricata alerts directly into the MITRE ATT&CK framework.

"If Suricata detects a suspicious DNS query indicative of a Command and Control beacon, NetNerve doesn't just show you the alert ID. It maps it to T1071.004 - Application Layer Protocol: DNS, providing immediate context on the adversary's tactics and techniques."
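As an added illustration of the kind of translation layer described above (example code written for this page, not NetNerve's own implementation), the following Python reads Suricata EVE JSON alert records and rolls them up by ATT&CK technique. It relies on the fact that Emerging Threats rules carry `mitre_technique_id` and `mitre_technique_name` in their rule metadata, which Suricata emits under `alert.metadata` as lists of strings; alerts whose rule has no such metadata fall back to a small local lookup keyed by signature ID. The sample records, the signature IDs 9000001 through 9000003 and the fallback table are all constructed for the example.

```python
import json
from collections import defaultdict

# Constructed Suricata EVE JSON alert lines (not real capture output).
# Signature IDs in the 9000000 range are placeholders for this example.
SAMPLE_EVE_LINES = [
    json.dumps({
        "event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9",
        "proto": "UDP", "dest_port": 53,
        "alert": {
            "signature_id": 9000001,
            "signature": "CONSTRUCTED DNS beacon pattern",
            "severity": 1,
            # ET-style metadata: technique id/name as lists of strings
            "metadata": {
                "mitre_technique_id": ["T1071.004"],
                "mitre_technique_name": ["Application_Layer_Protocol_DNS"],
            },
        },
    }),
    json.dumps({
        "event_type": "alert", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.1",
        "proto": "TCP", "dest_port": 445,
        # Rule without ATT&CK metadata: resolved via the local fallback table
        "alert": {"signature_id": 9000002,
                  "signature": "CONSTRUCTED port sweep", "severity": 2},
    }),
    # Non-alert EVE record (flow log); the mapper must skip it
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.1"}),
    json.dumps({
        "event_type": "alert", "src_ip": "10.0.0.9", "dest_ip": "198.51.100.4",
        "proto": "TCP", "dest_port": 8080,
        # Neither rule metadata nor a fallback entry: reported as UNMAPPED
        "alert": {"signature_id": 9000003,
                  "signature": "CONSTRUCTED unknown rule", "severity": 3},
    }),
]

# Hypothetical local fallback table for rules that ship without ATT&CK metadata.
FALLBACK_BY_SID = {
    9000002: ("T1046", "Network Service Discovery"),
}


def technique_for_alert(alert):
    """Return (technique_id, technique_name) for one EVE 'alert' object.

    Prefers the rule's own ATT&CK metadata; otherwise consults the local
    fallback table; otherwise labels the alert UNMAPPED so it is never lost.
    """
    meta = alert.get("metadata") or {}
    ids = meta.get("mitre_technique_id") or []
    names = meta.get("mitre_technique_name") or []
    if ids:
        name = names[0].replace("_", " ") if names else ""
        return ids[0], name
    return FALLBACK_BY_SID.get(alert.get("signature_id"), ("UNMAPPED", ""))


def map_eve_to_attack(lines):
    """Aggregate EVE JSON lines into {technique_id: {count, sids, name}}."""
    findings = defaultdict(lambda: {"count": 0, "sids": set(), "name": ""})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated trailing line
        if rec.get("event_type") != "alert":
            continue
        alert = rec.get("alert") or {}
        tid, name = technique_for_alert(alert)
        entry = findings[tid]
        entry["count"] += 1
        entry["sids"].add(alert.get("signature_id"))
        entry["name"] = entry["name"] or name
    # Convert sets to sorted lists so the result is JSON-serialisable
    return {tid: {"count": e["count"], "sids": sorted(e["sids"]), "name": e["name"]}
            for tid, e in findings.items()}


if __name__ == "__main__":
    for tid, info in map_eve_to_attack(SAMPLE_EVE_LINES).items():
        print(f"{tid:12} {info['name'] or '-':40} alerts={info['count']} sids={info['sids']}")
```

The UNMAPPED bucket is deliberate: an alert that cannot be tied to a technique should still surface in the review, since dropping it would silently hide a signature hit.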

Performance and Privacy

Integrating a full IDS engine into a fast, web-based tool was an engineering challenge. We've deployed a highly optimized, sandboxed Suricata environment that processes captures entirely in-memory.

True to our Security First principles, your packet captures are still never written to disk, and the sandboxed Suricata environment is destroyed immediately after the analysis is complete.


Available Now

The Suricata IDS integration is live now for all Forensics tier users. The next time you upload a capture, you'll see a new Security tab in your results featuring signature-verified alerts and MITRE mapping.

We can't wait to see how this helps you secure your networks faster and more accurately than ever before.
