SuriCon is the annual open source technology community conference that highlights discussions and developments related to Suricata, the powerful intrusion detection and prevention and network security monitoring (IDS/IPS/NSM) engine. As Suricata is at the heart of our company, we are excited that Stamus Networks will be part of this year’s event - both on-site in Boston and virtually.
We have proposed a new feature called Conditional PCAP that should be included in Suricata 7. As you may know, Suricata previously had full PCAP capture capabilities, which, however, have lots of storage requirements and are too costly to perform.
In this talk I will present the new Conditional PCAP feature of Suricata. It allows you to limit the costs of having PCAP, without losing record of the traffic to certain events. I will demonstrate how to limit the PCAP storage traffic to a selected and time-bound portion flow and will discuss the different modes that are currently available.
Attendees could expect to understand the best ways of using the new feature, by also taking into account the limitations of the capability and moving from JSON alerts to PCAP.
Join us virtually at SuriCon 2021. And if you are planning to attend the event in person, be sure to visit the Stamus table and say "hi" to one of our executives. If you are considering coming to the OISF training “Advanced Deployment & Configuration with Suricata”, the organizers are giving a 20% discount off the training to those who register for both. Learn more here >>.
We hope to see you there!
