<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Coming Soon in Suricata 7: Conditional PCAP @ Suricon

by Eric Leblond | Oct 05, 2021 | new, Suricata, PCAP

SuriCon is the annual open source technology community conference that highlights discussions and developments related to Suricata, the powerful intrusion detection and prevention and network security monitoring (IDS/IPS/NSM) engine. As Suricata is at the heart of our company, we are excited that Stamus Networks will be part of this year’s event - both on-site in Boston and virtually. 

We have proposed a new feature called Conditional PCAP that should be included in Suricata 7. As you may know, Suricata previously had full PCAP capture capabilities, which, however, have lots of storage requirements and are too costly to perform.

In this talk I will present the new Conditional PCAP feature of Suricata. It allows you to limit the costs of having PCAP, without losing record of the traffic to certain events. I will demonstrate how to limit the PCAP storage traffic to a selected and time-bound portion flow and will discuss the different modes that are currently available.

Attendees could expect to understand the best ways of using the new feature, by also taking into account the limitations of the capability and moving from JSON alerts to PCAP.

Join us virtually at SuriCon 2021. And if you are planning to attend the event in person, be sure to visit the Stamus table and say "hi" to one of our executives. If you are considering coming to the OISF training “Advanced Deployment & Configuration with Suricata”, the organizers are giving a 20% discount off the training to those who register for both. Learn more here >>.

We hope to see you there!

Schedule a Demo of Stamus Security Platform


Related posts

Use SELKS to solve the Unit 42 Wireshark Quiz

This blog describes how to solve the Unit 42 Wireshark quiz for January 2023 with SELKS instead of...

The Hidden Risks of False Positives: How to Prevent Alert Fatigue in Your Organization

Intrusion Detection Systems (IDS) can be powerful threat detection tools, but IDS users frequently...

Stop the leak! Detecting ChatGPT used as a channel for data exfiltration

In a recent conversation, one of our customers shared their concerns about the use of ChatGPT in...