IDS Things To Know Before You Buy
This overcomes the blindness that Snort has to signatures split across several TCP packets. Suricata waits until all of the data in the packets is assembled before it moves the information into analysis.
It supports an array of log sources and can instantly correlate information to highlight abnorm