Suricata 7.0.0-beta1 Released

Suricata 7.0.0 beta1 Release Notes

We are pleased to announce our beta version of the Suricata 7.0 release! We want to share the main work we’ll be releasing soon, so you can check and test it out, offer feedback and hopefully share your thoughts with us during SuriCon2022.

A few more issues (and features) should be covered for the stable version, but here are the main ones.

We know this took a lot of joint effort from our community, over difficult times, and we appreciate all your work in continuing to improve and make Suricata always better.

Download: https://www.openinfosecfoundation.org/download/suricata-7.0.0-beta1.tar.gz
Signature: https://www.openinfosecfoundation.org/download/suricata-7.0.0-beta1.tar.gz.sig

Community & Support

Don’t miss a chance to join us for SuriCon2022 in Athens, get your tickets at suricon.net!

New Features

Packet Capture

  • DPDK IDS/IPS support for primary mode was added
  • Netmap v14 API support

Secure Deployment

  • Linux Landlock support added by Eric Leblond

Protocols

  • QUICv1, GQUIC support added. GQUIC contributed by Emmanuel Thompson
  • PostgreSQL support added
  • HTTP/2 deflate decompression, byte-ranges support
  • VN-Tag support
  • Modbus rewritten to Rust with Eve logging added by Simon Dugas
  • IKEv1 support added by Sascha Steinbiss and Frank Honza
  • ESP flow tracking and logging
  • Minimal telnet parser
  • Active flow and TCP counters
  • Network service header

Rules

  • Added new rule keywords for DHCP, Kerberos, SNMP, TLS, QUIC
  • JA3(s) support for QUIC
  • New (experimental) class of keywords through “frames API”: NFS, SMB, DNS, telnet, SSL/TLS
  • HTTP request files and NFS now support file.data
  • “XOR” transform was added
  • Lua: access to more rule info

IPS

  • Exception policy added to better control packet handling in such conditions as memory caps being hit.
  • Log drop reason

Socket Control

  • Get flow stats over unix socket

Packet Logging

  • Conditional packet capture allows packets to be written to disk only after an alert has been triggered

And many more things

See the 7.0.0-beta1 milestone (Suricata - Open Information Security Foundation) for the more than 400 closed tickets detailing many more changes.

Code Changes

Overall changes:

1201 files changed, 95835 insertions(+), 96081 deletions(-)

More Rust:

159 files changed, 32901 insertions(+), 11779 deletions(-)

Less C:

868 files changed, 51971 insertions(+), 81688 deletions(-)

Upgrade Notes

  • Suricata 7.0 now uses pcre2 instead of pcre1.
  • The MSRV (minimum supported Rust version) has been updated to 1.58.0 from the 1.41.1 minimum in Suricata 6.0. This may increase before the release candidate.
  • Support for Prelude (libprelude) has been removed
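The "XOR" transform listed under Rules above de-obfuscates a buffer before the content keywords run against it. The following is an added illustration of what that transform does, not Suricata's own code: it assumes the transform applies a hexadecimal key repeatedly (cycled) across the inspected buffer, which is the behaviour needed to match a single-byte or multi-byte XOR-obfuscated payload. The key, the plaintext and the "wire" bytes are constructed sample data.

```python
"""Model of a repeating-key XOR transform applied to a detection buffer.

Added example, not Suricata source. Assumption: the transform XORs each
byte of the buffer with the key bytes, cycling the key when the buffer is
longer than the key, and the content match then runs on the result.
"""
from itertools import cycle


def xor_transform(buf: bytes, key_hex: str) -> bytes:
    """Return buf XORed with the key given as a hex string, key repeated."""
    key = bytes.fromhex(key_hex)
    if not key:
        raise ValueError("XOR key must not be empty")
    return bytes(b ^ k for b, k in zip(buf, cycle(key)))


def content_match(buf: bytes, key_hex: str, needle: bytes) -> bool:
    """Emulate 'xor:<key>; content:<needle>;': transform first, then search."""
    return needle in xor_transform(buf, key_hex)


# Constructed sample data: a plaintext request obfuscated with a 4-byte key.
SAMPLE_KEY = "0d0ac8ff"
SAMPLE_PLAINTEXT = b"GET /cmd.exe?cmd=whoami HTTP/1.1"
# XOR is its own inverse, so encoding with the same helper yields the
# bytes that would be seen on the wire.
SAMPLE_WIRE = xor_transform(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def demo() -> dict:
    """Show that the raw buffer does not match but the transformed one does."""
    return {
        "raw_match": b"cmd.exe" in SAMPLE_WIRE,
        "transformed_match": content_match(SAMPLE_WIRE, SAMPLE_KEY, b"cmd.exe"),
        "roundtrip_ok": xor_transform(SAMPLE_WIRE, SAMPLE_KEY) == SAMPLE_PLAINTEXT,
    }


if __name__ == "__main__":
    print(demo())
```

The point for rule writers is that the XOR key must be known (or short enough to enumerate in several rules); the transform does not brute-force keys, it only applies the one given.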