Features added in 3.0

Detection

Feature #885: smtp file_data support
Feature #707: ip reputation files - network range inclusion availability (cidr)
Feature #1448: xbits
Feature #1282: support for base64_decode keyword
Feature #1137: Support IP lists in threshold.config
Feature #1440: wildcard rule loading
Feature #1281: support content keyword length greater than 255
Feature #1408: multi tenancy for detection
Feature #1514: SSH softwareversion regex should allow colon

Outputs

Feature #1582: Redis output support
Feature #1228: stats.log in JSON format
Feature #1155: Log packet payloads in eve alerts
Feature #1208: JSON Output Enhancement - Include Payload(s)
Feature #1248: flow/connection logging
Feature #1258: json: include HTTP info with Alert output
Feature #383: stream data logging
Feature #893: feature, put more info in the "drop.log"
Feature #1123: JSON logs timestamp option
Feature #1154: Get the rule when packets are dropped
Feature #1116: ips packet stats in stats.log
Feature #1410: add alerts to EVE's drop logs
Feature #1586: Add flow memcap counter
Feature #1599: rule profiling: json output
Feature #1605: more descriptive err msg - getting MTU via ioctl
Feature #1635: unified2 output: disable by default
Feature #1498: color output
Feature #1499: json output for engine messages
Feature #1374: Write pre-aggregated counters for all threads
Feature #1454: JSON output prefix
Feature #1492: Add HUP coverage to output json-log

Packet Decoding & Protocol Parsing

Feature #899: MPLS over Ethernet support
Feature #1310: Modbus parsing and matching
Feature #1438: DNS Type nxdomain
Feature #1394: Improve TCP reuse support
Feature #1342: Support Cisco erspan traffic
Feature #1265: Replace response on Suricata dns decoder when dns error please
Feature #549: Extract file attachments from emails

Scripting

Feature #1263: Lua: Access to Stream Payloads
Feature #1264: Lua: access to TCP quad / Flow Tuple
Feature #1312: Lua output support
Feature #1261: Request for Additional Lua Capabilities
Feature #1309: Lua support for Stats output
Feature #1317: Lua: Indicator for end of flow
Feature #1502: Expose tls fields to lua
Feature #1568: TLS lua output support
Feature #1569: SSH lua support

Packet Capture & IPS

Feature #336: Add support for NETMAP to Suricata.
Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces using PPPoE
Feature #1447: Ability to reject ICMP traffic

Misc

Feature #1333: unix-socket: allow (easier) non-root usage
Feature #1527: Add ability to compile as a Position-Independent Executable (PIE)