Download Suricata 6.0.0


Version 6.0.0 of Suricata has been released. Versions 4.1.9 and 5.0.4 have also been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. It can be used to monitor network traffic and alert a system administrator if anything suspicious is detected. The Open Information Security Foundation coordinates the development, with help from the community and various manufacturers. The data collected by Eve, Suricata's JSON-based logging system, can be used with tools such as Logstash to display information graphically. The changelog for this release looks like this:

Suricata 6.0.0 released

We are proud to announce Suricata 6.0. This major new release is the result of a year of work by the OISF development team and the Suricata community.

During this development cycle, the focus has been on:

  • Stability and robustness
  • Performance
  • Support for new protocols like HTTP/2, MQTT and RFB
  • Improvements to existing protocols DCERPC, SSH
  • Extendibility
  • Improvements to detection capabilities

Securing Suricata

  • ASN1 handling is now entirely done in Rust code
  • DCERPC, SSH have been reimplemented in Rust
  • new protocols have been implemented in Rust
  • many fixes as a result of OSS-Fuzz testing

Rule language

  • from_end support for byte_jump keyword
  • bitmask support for byte_test keyword
  • byte_math support
  • flow bit OR support
  • pcrexform keyword: use pcre with substring capture as a transform
  • urldecode transform was added

For developers

  • Use cbindgen to create Rust-C bindings (Danny Browning)
  • initial plugin support
  • libfuzzer (OSS-Fuzz) support
  • clang format support (Roland Fischer)

Removals

  • unified2 has been removed
  • filestore v1 support has been removed
  • drop log

Logstash and Kibana fed with information from Suricata's JSON output.

Version number 6.0.0
Release status Final
Operating systems Linux
Website Suricata
Download https://www.openinfosecfoundation.org/downloads/suricata-6.0.0.tar.gz
License type GPL