Join us at hack.lu 2025 — Info & Registration
Duration: 30 min
Type: Talk
Speakers: Eric Leblond, Peter Manev
Abstract
Suricata is a widely used, high-performance, open-source network analysis and threat detection engine. This talk will provide an overview of the key new features introduced in Suricata 8, its latest release. We will cover the addition of several new protocols, including LDAP, DNS over HTTPS, SIP, SDP, POP3, and WebSocket, expanding Suricata’s monitoring capabilities. We will also discuss the new “transactional rules” functionality, which allows a single signature to match traffic in both directions of a transaction.
Description
The presentation will highlight some of the more than 100 new keywords available, such as those for entropy matching, the domain transform, datasets with JSON context, ENIP matching, full DNS field matching, and enhanced support for SMTP, EMAIL, and FTP. Finally, we will touch on the improvements to performance and security, including vendored and sandboxed Lua being available by default, and the implementation of HTTP parsing in Rust.
This talk will be relevant for security analysts and network administrators seeking to leverage the latest advances in Suricata for advanced threat detection and network security monitoring.