From signatures to ML IDS: what can the Suricata IDS teach a model?
[Text not for publication: I could not find a way to attach a message to the Editors; this article was written for the blog of the Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS)]
RE: https://infosec.exchange/@suricata/116291041184617317
Got some of my work featured in this post as well -- Operating in the margins, and Suricata: An Operator's Guide release up to chapter 9.
This newsletter appears to be run about once quarterly-ish. If you have anything network-forensics related, more specifically Suricata-related, let me know. I want to pass it along and ensure that the rest of our community gets recognition.
Likewise, if you have a Suricata/NSM-related question you want answered, I would be happy to answer it and write about it on community.emergingthreats.net, so that everyone can benefit from the insight.
As always, thanks to OISF, and @ish for featuring my work, alongside the work of the community.
The latest #Suricata Newsletter is here!
In this issue, we’re sharing #SuriCon 2026 updates, release and upgrade news, and a look at what’s ahead for Suricata 9.0, along with more from across the community.
Read this issue and subscribe here: https://newsletter.suricata.io/posts/2026-03/
We’re at RSA Conference 2026 and Dr. Kelley Misata is on the floor. 🙌
This year’s Power of the Community theme fits #Suricata well. If you're here, stop by to talk real-world use, what’s top of mind, and pick up some Suricata goodies! 👕🎁
SuriCon 2026 needs your support! 🙌
Whether you are an individual or organization, there is a sponsorship level for you. Help bring the Suricata community together in Lisbon.
suricon.net/sponsorships/
We're pleased to announce the releases of #Suricata 8.0.4 and 7.0.15! 🎉
Get the releases:
🔸 8.0.4: https://www.openinfosecfoundation.org/download/suricata-8.0.4.tar.gz
🔸 7.0.15: https://www.openinfosecfoundation.org/download/suricata-7.0.15.tar.gz
Read more: https://forum.suricata.io/t/suricata-8-0-4-and-7-0-15-released
Built a production SOC for my home/mobile infra. Sharing it.
#AEGIS is a unified threat intelligence platform running on a single Linux server:
→ DNS sinkhole (port 53, custom blocklists)
→ Suricata IDS in AF-packet passive mode + ClamAV on filestore
→ Zeek NSM (http, ssl, dns, conn, weird, notice)
→ ModSecurity WAF — OWASP CRS 4.22, full enforcement
→ Fail2Ban + auditd
→ Rust orchestrator aggregating all event sources into one REST/WS API
Auto-heal watchdog, anti-DDoS engine with dynamic iptables injection, real-time dashboard.
One thing I wanted to get right: the orchestrator never touches iptables with NFQUEUE — passive only. No inline mode that can brick SSH access.
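The aggregation step the post describes (several sensors, one event stream, blocks derived from it without an inline verdict path) as an added example. This is not the AEGIS orchestrator's code, which the post says is written in Rust; it is a small Python sketch written for this page. The Suricata EVE JSON and Zeek notice.log records are constructed sample lines, the unified schema, the Zeek severity mapping, the threshold and the `AEGIS_BLOCK` chain name are all assumptions of the example, and the iptables rules are rendered as strings rather than executed.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input (not real captures): two Suricata EVE "alert" records,
# one EVE "flow" record that must be ignored, and one Zeek notice.log record as
# emitted with Zeek's JSON log output (field names are flattened with dots).
SURICATA_EVE_LINES = [
    '{"timestamp":"2025-03-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.7",'
    '"src_port":51234,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,'
    '"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2025-03-01T10:00:01.000000+0000","event_type":"flow","src_ip":"192.0.2.10",'
    '"src_port":443,"dest_ip":"198.51.100.3","dest_port":40000,"proto":"TCP"}',
    '{"timestamp":"2025-03-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.7",'
    '"src_port":51235,"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2001219,"rev":20,'
    '"signature":"ET SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
]
ZEEK_NOTICE_LINES = [
    '{"ts":1740823203.5,"uid":"CabcD1","id.orig_h":"203.0.113.7","id.orig_p":51236,'
    '"id.resp_h":"192.0.2.10","id.resp_p":22,"note":"SSH::Password_Guessing",'
    '"msg":"203.0.113.7 appears to be guessing SSH passwords","src":"203.0.113.7"}',
]


def normalize_suricata(line):
    """Map one EVE JSON record to the unified schema (an assumption of this example).
    Returns None for non-alert event types (flow, dns, http, ...), which an
    orchestrator would keep as telemetry rather than as detections."""
    rec = json.loads(line)
    if rec.get("event_type") != "alert":
        return None
    # EVE timestamps look like 2025-03-01T10:00:00.000000+0000; %z accepts +0000.
    ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    alert = rec["alert"]
    return {
        "ts": ts.timestamp(),
        "source": "suricata",
        "src_ip": rec["src_ip"],
        "dest_ip": rec["dest_ip"],
        "dest_port": rec.get("dest_port"),
        "severity": alert["severity"],  # Suricata convention: 1 = high ... 4 = low
        "rule": f"{alert['gid']}:{alert['signature_id']}:{alert['rev']}",
        "msg": alert["signature"],
    }


def normalize_zeek_notice(line):
    """Map one Zeek notice.log JSON record to the same schema."""
    rec = json.loads(line)
    return {
        "ts": float(rec["ts"]),  # Zeek logs epoch seconds as a float
        "source": "zeek",
        "src_ip": rec.get("src") or rec.get("id.orig_h"),
        "dest_ip": rec.get("id.resp_h"),
        "dest_port": rec.get("id.resp_p"),
        "severity": 2,  # assumption: every Zeek notice is treated as "medium"
        "rule": rec["note"],
        "msg": rec["msg"],
    }


def aggregate(suricata_lines, zeek_lines):
    """Merge both sensors into one time-ordered list of detections."""
    events = [e for e in map(normalize_suricata, suricata_lines) if e is not None]
    events.extend(normalize_zeek_notice(line) for line in zeek_lines)
    events.sort(key=lambda e: e["ts"])
    return events


def block_candidates(events, threshold=3, allowlist=frozenset()):
    """Source IPs seen in at least `threshold` detections across all sensors.
    Management hosts go in `allowlist` so a generated rule can never lock out SSH."""
    counts = Counter(e["src_ip"] for e in events if e["src_ip"] not in allowlist)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def iptables_rules(ips, chain="AEGIS_BLOCK"):
    """Render (do not run) the DROP rules for a dedicated chain. A static DROP rule
    needs no userspace verdict: if the orchestrator dies, traffic keeps flowing,
    whereas packets sent to an NFQUEUE with no listener are dropped by default."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    evs = aggregate(SURICATA_EVE_LINES, ZEEK_NOTICE_LINES)
    for e in evs:
        when = datetime.fromtimestamp(e["ts"], tz=timezone.utc).isoformat()
        print(f"{when} {e['source']:8} {e['src_ip']} -> {e['dest_ip']}:{e['dest_port']} {e['rule']} {e['msg']}")
    for rule in iptables_rules(block_candidates(evs, threshold=3)):
        print(rule)
```

The threshold is deliberately counted across sensors, so one source that trips both a Suricata ET rule and a Zeek notice reaches the block list sooner than either sensor alone would put it there; the allowlist is the check that keeps a noisy management host from ever being turned into a DROP rule.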