Victor Julien

@inliniac
258 Followers
210 Following
368 Posts

Open Source Developer leading the #Suricata development effort.

Living and working in Amsterdam, the Netherlands.

#Suricata @suricata #Vuurmuur

Blog https://blog.inliniac.net/contact/
Github https://github.com/inliniac
Github https://github.com/victorjulien

And our Victor Julien ( @inliniac ) will be at NLUUG Spring Conference 2026 on May 7 in Utrecht, speaking on Suricata: 10 years later.

A look back at how the project has evolved over the past decade and where it stands today.

More info: https://leden.nluug.nl/aanmelden/index.cgi?action=event

#Suricata #NLUUG #OpenSource

#Suricata is a widely used open source (GPLv2) network security engine, mainly used as an IDS (Intrusion Detection System) and IPS (Intrusion Prevention System).

At the NLUUG spring conference on 7 May 2026, Victor Julien ( @inliniac ) will present the improvements made to Suricata over the past 10 years and give insight into how network security remains extremely important.

Register for the https://nluug.nl/evenementen/nluug/voorjaarsconferentie-2026/ and see you at the spring conference!

#NLUUG is the association for (professional) users of UNIX/Linux, #OpenSource, #OpenSystemen and #OpenStandaarden in NL.

NLUUG spring conference 2026

The NLUUG spring conference is scheduled for Thursday 7 May 2026 at the Van der Valk Hotel Utrecht.

Don’t miss Victor Julien ( @inliniac ) at BSides Groningen for a talk on open source, sovereignty, and where #Suricata fits in the conversation.

He’ll dig into Suricata’s independent history, its support through OISF, and why that matters today.

More here: https://bsidesgrunn.org/2026/03/18/suricata-open-source-network-security-engine-built-with-sovereignty-in-mind/

#Opensource

2 accepted talks about #Suricata :)

I'll be talking @suricata at:

@bsidesgrunn on April 17th (https://bsidesgrunn.org/)

and:

@nluug on May 7th (https://nluug.nl/evenementen/nluug/voorjaarsconferentie-2026/)

Hope to see you there!


🚨 Interested in speaking at #SuriCon2026?

Share your research, lessons learned, or a unique use case with the Suricata community.

Submit your proposal: https://pretalx.com/suricon2026/cfp

#CallforTalks #Suricata #OpenSource

worked with the tcpdump folks on an updated set of examples for the tcpdump man page https://www.tcpdump.org/manpages/tcpdump.1.html#lbAF

the idea is that if you've forgotten how tcpdump's basic flags work, you can find a quick reference in the man page!


hmm, I installed some updates and now this is happening

Investigation scenario:
We just received three notifications with alerts from #Suricata #IDS

1) GPL SMTP vrfy root, from unknown IP to our mailserver

Shortly after that, two more alerts appeared:

2) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; from the same unknown IP to Windows computer in our network
3) ET MALWARE Possible Metasploit Payload Common Construct Bind_API, again from the same unknown IP to the same Windows computer

What happened?
What to do? How to analyze network traffic and investigate those alerts?

We do not have any EDR or XDR installed on that Windows computer. Right now, we have only Suricata eve.json logs ingested into the #OpenObserve #SIEM

If you would like to see more, you are welcome to attend my @suricata webinar on March 11.
Register here: https://us02web.zoom.us/webinar/register/WN_I6BNbCU2SNG2fAOEiotPiQ
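As an added example (not part of the post above and not Suricata's or OpenObserve's own code), a small Python triage script that reads eve.json alert lines, groups them by source IP and checks whether the three signatures from the scenario appear in order from one host. The log lines, IP addresses and timestamps are constructed, and the CHAIN stage names are an assumption about how the signatures would be matched.

```python
import json
from collections import defaultdict

# Constructed eve.json records (not real traffic); only the fields used below are present.
EVE_LINES = [
    '{"timestamp":"2026-03-10T09:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.25","dest_port":25,"alert":{"signature":"GPL SMTP vrfy root"}}',
    '{"timestamp":"2026-03-10T09:00:05.000000+0000","event_type":"flow","src_ip":"203.0.113.5","dest_ip":"192.0.2.25"}',
    '{"timestamp":"2026-03-10T09:02:30.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.40","dest_port":49152,"alert":{"signature":"ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response"}}',
    '{"timestamp":"2026-03-10T09:02:31.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.40","dest_port":49152,"alert":{"signature":"ET MALWARE Possible Metasploit Payload Common Construct Bind_API"}}',
    '{"timestamp":"2026-03-10T09:03:00.000000+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.25","dest_port":25,"alert":{"signature":"GPL SMTP vrfy root"}}',
]

# Signature fragments that, seen in this order from one source IP, match the escalation
# in the scenario: SMTP recon, then a PE (MZ) file served to a host, then a Metasploit payload.
# These fragments are an assumption for this example, not a Suricata rule classification.
CHAIN = ["SMTP vrfy", "MZ Response", "Metasploit Payload"]

def load_alerts(lines):
    """Parse eve.json lines, keep only event_type=alert, and sort by timestamp."""
    alerts = [rec for rec in (json.loads(l) for l in lines) if rec.get("event_type") == "alert"]
    alerts.sort(key=lambda r: r["timestamp"])  # ISO-8601 strings sort chronologically
    return alerts

def alerts_by_source(alerts):
    """Group alerts by src_ip so each external host's activity reads as one timeline."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a["src_ip"]].append(a)
    return grouped

def chain_stage(alerts_for_ip):
    """Return how many stages of CHAIN this source has reached, in chronological order."""
    stage = 0
    for a in alerts_for_ip:
        if stage < len(CHAIN) and CHAIN[stage] in a["alert"]["signature"]:
            stage += 1
    return stage

def triage(lines):
    """Map each src_ip to (stage reached, [(timestamp, dest_ip, signature), ...])."""
    result = {}
    for ip, items in alerts_by_source(load_alerts(lines)).items():
        timeline = [(a["timestamp"], a["dest_ip"], a["alert"]["signature"]) for a in items]
        result[ip] = (chain_stage(items), timeline)
    return result

if __name__ == "__main__":
    for ip, (stage, timeline) in triage(EVE_LINES).items():
        print(f"{ip}: reached stage {stage}/{len(CHAIN)}")
        for ts, dst, sig in timeline:
            print(f"  {ts} -> {dst}: {sig}")
```

A source that reaches all three stages against the same internal host is the one to pull full flow and fileinfo records for first; a source stuck at stage 1 is ordinary mail reconnaissance.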

This week the European Commission published the draft for a guidance document for the Cyber Resilience Act (CRA). It is 70 pages, but contains some helpful examples and flowcharts, like this one, making it accessible even to Open Source folks with limited time.

Here: Quick guidance on the question of whether your FOSS component is in scope for the CRA, and if so, whether you're deemed a steward or manufacturer with regard to the component.

#opensource #cra