In association with heise online

14 December 2012, 12:26

Suricata 1.4 improves performance and adds experimental features

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Suricata logo UNIX sockets, IP reputation support, and lua(jit) scripting are the latest additions to the OISF's open source Suricata IDS (Intruder Detection System). The new version, 1.4, includes these as experimental features, and there are a number of other new features such as delayable detection initialisation, decoding of IPv4-in-IPv6 and other tunnels, and certificate logging. The developers also say this version improves performance and scalability, especially as it has a rewritten IP defrag engine.

The socket support allows for easy processing of large numbers of pcap files. The IP Reputation support allows CSV files of categories and IP addresses, their categories and reputation score, to be loaded into Suricata to assist with the evaluation of traffic. The luajit keyword allows Lua scripts to be invoked from within the IDS for more complex analysis.

Full details of the changes are available in the announcement, and details of configuration file changes are also noted. The GPLv2 source is available to download and an Ubuntu PPA and Windows installer are also available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit