We’re at RSA Conference 2026 and Dr. Kelley Misata is on the floor. 🙌
This year’s Power of the Community theme fits #Suricata well. If you're here, stop by to talk real-world use, what’s top of mind, and pick up some Suricata goodies! 👕🎁
SuriCon 2026 needs your support! 🙌
Whether you are an individual or organization, there is a sponsorship level for you. Help bring the Suricata community together in Lisbon.
suricon.net/sponsorships/
We're pleased to announce the releases of #Suricata 8.0.4 and 7.0.15! 🎉
Get the releases:
🔸 8.0.4: https://www.openinfosecfoundation.org/download/suricata-8.0.4.tar.gz
🔸 7.0.15: https://www.openinfosecfoundation.org/download/suricata-7.0.15.tar.gz
Read more: https://forum.suricata.io/t/suricata-8-0-4-and-7-0-15-released
Built a production SOC for my home/mobile infra. Sharing it.
#AEGIS is a unified threat intelligence platform running on a single Linux server:
→ DNS sinkhole (port 53, custom blocklists)
→ Suricata IDS in AF-packet passive mode + ClamAV on filestore
→ Zeek NSM (http, ssl, dns, conn, weird, notice)
→ ModSecurity WAF — OWASP CRS 4.22, full enforcement
→ Fail2Ban + auditd
→ Rust orchestrator aggregating all event sources into one REST/WS API
Auto-heal watchdog, anti-DDoS engine with dynamic iptables injection, real-time dashboard.
One thing I wanted to get right: the orchestrator never touches iptables with NFQUEUE — passive only. No inline mode that can brick SSH access.
2 accepted talks about #Suricata :)
I'll be talking @suricata at:
@bsidesgrunn on April 17th (https://bsidesgrunn.org/)
and:
@nluug on May 7th (https://nluug.nl/evenementen/nluug/voorjaarsconferentie-2026/)
Hope to see you there!
🚨 Interested in speaking at #SuriCon2026?
Share your research, lessons learned, or a unique use case with the Suricata community.
Submit your proposal: https://pretalx.com/suricon2026/cfp
Investigation scenario:
We just received three notifications with alerts from #Suricata #IDS
1) GPL SMTP vrfy root, from unknown IP to our mailserver
Shortly after that, two more alerts appeared:
2) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; from the same unknown IP to a Windows computer in our network
3) ET MALWARE Possible Metasploit Payload Common Construct Bind_API, again from the same unknown IP to the same Windows computer
What happened?
What to do? How to analyze network traffic and investigate those alerts?
We do not have any EDR or XDR installed on that Windows computer. Right now, we have only Suricata eve.json logs ingested into the #OpenObserve #SIEM
If you would like to see more, you are welcome to attend my @suricata webinar on March 11.
Register here: https://us02web.zoom.us/webinar/register/WN_I6BNbCU2SNG2fAOEiotPiQ
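An added example, not code from the post above or from the Suricata project, showing the first triage step an analyst would take on the scenario described: read the eve.json alert events, group them by the unknown source IP, build a per-source timeline, and decide from it whether the source should be escalated to an incident rather than closed as a ticket. The sample eve.json lines, the IP addresses (documentation ranges), the signature_id values and the internal-network prefixes are all constructed; only the field names and the three signature names follow the page and the real eve.json alert schema.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample eve.json lines. IPs are from documentation ranges and the
# signature_id values are placeholders, not the real GPL/ET SIDs. Field names
# follow the Suricata eve.json alert schema (event_type, src_ip, dest_ip, alert.*).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2026-03-01T10:15:32.000001+0000","flow_id":1,"event_type":"alert","src_ip":"203.0.113.45","src_port":51234,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"GPL SMTP vrfy root","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2026-03-01T10:15:40.000001+0000","flow_id":1,"event_type":"flow","src_ip":"203.0.113.45","dest_ip":"10.0.0.25","proto":"TCP"}',
    '{"timestamp":"2026-03-01T10:18:05.000001+0000","flow_id":2,"event_type":"alert","src_ip":"203.0.113.45","src_port":8080,"dest_ip":"10.0.0.77","dest_port":49731,"proto":"TCP","alert":{"action":"allowed","signature_id":9000002,"signature":"ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2026-03-01T10:18:06.000001+0000","flow_id":2,"event_type":"alert","src_ip":"203.0.113.45","src_port":8080,"dest_ip":"10.0.0.77","dest_port":49731,"proto":"TCP","alert":{"action":"allowed","signature_id":9000003,"signature":"ET MALWARE Possible Metasploit Payload Common Construct Bind_API","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2026-03-01T10:20:00.000001+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"GPL SMTP vrfy root","category":"Attempted Information Leak","severity":2}}',
    'truncated last line that eve.json may contain while Suricata is still writing',
]

# Assumed: the address ranges this network considers internal.
INTERNAL_PREFIXES = ("10.", "192.168.")


def parse_alerts(lines):
    """Keep only event_type == "alert" records and normalise the fields an analyst pivots on."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written or non-JSON line: skip, do not abort the run
        if ev.get("event_type") != "alert":
            continue
        a = ev["alert"]
        alerts.append({
            # Suricata writes timestamps like 2026-03-01T10:15:32.000001+0000
            "ts": datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z"),
            "flow_id": ev.get("flow_id"),
            "src_ip": ev["src_ip"],
            "dest_ip": ev["dest_ip"],
            "dest_port": ev.get("dest_port"),
            "sid": a.get("signature_id"),
            "signature": a["signature"],
            "category": a.get("category", ""),
            "severity": a.get("severity", 3),
        })
    alerts.sort(key=lambda x: x["ts"])  # chronological order is what makes the sequence readable
    return alerts


def is_external(ip):
    return not ip.startswith(INTERNAL_PREFIXES)


def triage(alerts):
    """Group alerts by source IP and decide per source whether to escalate.

    Escalation rule (deliberately simple): an external source that produced a
    malware-class alert (ET MALWARE signature or severity 1) against any internal
    host is escalated; everything else stays a ticket for review.
    """
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src_ip"]].append(a)

    findings = {}
    for src, timeline in by_src.items():
        targets = {a["dest_ip"] for a in timeline}
        malware_hits = [a for a in timeline
                        if a["signature"].startswith("ET MALWARE") or a["severity"] == 1]
        dwell = (timeline[-1]["ts"] - timeline[0]["ts"]).total_seconds()
        escalate = is_external(src) and bool(malware_hits)
        findings[src] = {
            "external": is_external(src),
            "targets": targets,
            "timeline": [(a["ts"].isoformat(), a["dest_ip"], a["signature"]) for a in timeline],
            "flow_ids": sorted({a["flow_id"] for a in timeline if a["flow_id"] is not None}),
            "dwell_seconds": dwell,
            "escalate": escalate,
            # Real eve.json event types worth pulling from the SIEM for the same
            # src/dest pairs and flow_ids before touching the host itself.
            "pivot_event_types": ["flow", "smtp", "http", "fileinfo"] if escalate else ["flow"],
        }
    return findings


if __name__ == "__main__":
    for src, f in triage(parse_alerts(SAMPLE_EVE_LINES)).items():
        print(f"{src} external={f['external']} escalate={f['escalate']} "
              f"targets={sorted(f['targets'])} dwell={f['dwell_seconds']:.0f}s")
        for ts, dst, sig in f["timeline"]:
            print(f"    {ts}  -> {dst}  {sig}")
```

With only eve.json in the SIEM and no endpoint agent, the `flow_ids` and `pivot_event_types` in each finding are the next pivot: the `fileinfo` and `http` events for the same flow_id tell you whether a file actually reached the Windows host, and the `flow` events give you the byte counts and duration of the sessions the alerts came from.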