We are pleased to announce our beta version of the Suricata 7.0 release! We want to share the main work we’ll be releasing soon, so you can check and test it out, offer feedback and hopefully share your thoughts with us during SuriCon2022.
A few more issues (and features) should be covered for the stable version, but here are the main ones.
We know this took a lot of joint effort from our community, over difficult times, and we appreciate all your work in keeping improving and making Suricata always better.
Don’t miss a chance to join us for SuriCon2022 in Athens, get your tickets at suricon.net 1!
- DPDK IDS/IPS support for primary mode was added
- Netmap v14 API support
- Linux Landlock support added by Eric Leblond
- QUICv1, GQUIC support added. GQUIC contributed by Emmanuel Thompson
- PostgreSQL support added
- HTTP/2 deflate decompression, byte-ranges support
- VN-Tag support
- Modbus rewritten to Rust with Eve logging added by Simon Dugas
- IKEv1 support added by Sascha Steinbiss and Frank Honza
- ESP flow tracking and logging
- Minimal telnet parser
- Active flow and TCP counters
- Network service header
- Added new rule keywords for DHCP, Kerberos, SNMP, TLS, QUIC
- JA3(s) support for QUIC
- New (experimental) class of keywords through “frames API”: NFS, SMB, DNS, telnet, SSL/TLS
- HTTP request files and NFS now support file.data
- “XOR” transform was added
- Lua: access to more rule info
- Exception policy added to better control packet handling in such conditions as memory caps being hit.
- Log drop reason
- Get flow stats over unix socket
- Conditional packet capture allows packets to be written to disk only after an alert has been triggered
See 7.0.0-beta1 – Suricata – Open Information Security Foundation for the over 400 closed tickets detailing many more changes.
1201 files changed, 95835 insertions(+), 96081 deletions(-)
159 files changed, 32901 insertions(+), 11779 deletions(-)
868 files changed, 51971 insertions(+), 81688 deletions(-)
- Suricata 7.0 now uses pcre2 instead of pcre1.
- The MSRV (minimum supported Rust version) has been updated to 1.58.0 from 1.41.1 minimum in Suricata 6.0. This may increase before the release candidate.
- Support for Prelude (libprelude) has been removed