
Coming Soon in Suricata 7: Conditional PCAP @ Suricon

by Eric Leblond | Oct 05, 2021 | Suricata, Events

SuriCon is the annual open source technology community conference that highlights discussions and developments related to Suricata, the powerful intrusion detection and prevention and network security monitoring (IDS/IPS/NSM) engine. As Suricata is at the heart of our company, we are excited that Stamus Networks will be part of this year’s event - both on-site in Boston and virtually. 

We have proposed a new feature called Conditional PCAP that should be included in Suricata 7. As you may know, Suricata has long been able to do full PCAP capture, but capturing everything has heavy storage requirements and is too costly to run in many deployments.

In this talk I will present the new Conditional PCAP feature of Suricata. It allows you to limit the cost of keeping PCAP without losing the record of the traffic tied to certain events. I will demonstrate how to restrict PCAP storage to a selected, time-bound portion of a flow and will discuss the different modes that are currently available.

Attendees can expect to learn the best ways of using the new feature, taking into account the limitations of the capability, and how to move from a JSON alert to the corresponding PCAP.

Join us virtually at SuriCon 2021. And if you are planning to attend the event in person, be sure to visit the Stamus table and say "hi" to one of our executives. If you are considering coming to the OISF training “Advanced Deployment & Configuration with Suricata”, the organizers are giving a 20% discount on the training to those who register for both. Learn more here.

We hope to see you there!

Eric Leblond

Éric Leblond is the co-founder and chief technology officer (CTO) at Stamus Networks. He sits on the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is a respected expert and speaker on all things network security. Éric resides in Escalles, France.
