Project

General

Profile

Support Status

Levels of Support

Tier 1

Core team develops and supports. Compiler errors or functional failures block git merges and releases. Functionality is enabled by default on the platforms it supports.

Tier 2

Core team develops and supports, sometimes with help from community members. Compiler errors or functional failures block git merges. Functionality problems such as 'known issues' or might still going into releases. Functionality may be disabled by default.

Community

When a feature of Suricata is community supported, it means the OISF/Suricata development team won't support it. This to avoid overloading the team.

When accepting a feature into the code base anyway, it will come with a number of limits and conditions:

  1. submitter must commit to maintaining it:
    - make sure code compiles and correctly functions after Suricata and/or external (e.g. library) changes.
    - support users when they encounter problems on the mailinglists and redmine tickets
  2. the code will be disabled by default and will not become part of the QA setup. This means it will be enabled only by a --enable-<feature> configure flag.

If the feature get lots of traction, and/or if the team just considers it very useful, it may get 'promoted' to being officially supported.

On the other hand, the feature will be removed if the submitter stops maintaining it and no-one steps up to take over.

Unmaintained

When a feature is unmaintained it is very likely broken and may be (partially) removed during cleanups and code refactoring. No end-user support is done by the core team. If someone wants to help maintain and support such a feature, we recommend talking to the core team before spending a lot of time on it.

Distributions

Tier 1 Distribution Version Support QA Notes
RHEL / CentOS 6 Core team
RHEL / CentOS 7 Core team
RHEL / CentOS 8 Core team
Ubuntu 16.04 Core team Foundation of SecurityOnion
Ubuntu 18.04 Core team
Ubuntu 20.04 Core team
Debian 9 (Stretch) Core team Foundation of SELKS
Debian 10 (Buster) Core team
FreeBSD 11 Core team Foundation of OPNsense, pfSense
FreeBSD 12 Core team
Tier 2 Distribution Version Support QA Notes
OpenBSD 6.6 Core team
OpenBSD 6.7 Core team
OSX/macOS 10.10 Core team
Windows/Cygwin32 Windows 10 Core team only for 4.1
Windows/MinGW64 Windows 10 Core team 5.0+
Community Architecture Support QA Notes
Windows/MinGW32 Windows 10 Core team 5.0+

Architecture Support

Tier 1 Architecture Support QA Notes
x86_64 Core team
ARM7-32bit Core team
ARM8-64bit Core team
Tier 2 Architecture Support QA Notes
i386 Core team
Community Architecture Support QA Notes
PPC64el Part of Fedora automated QA Access can be arranged through IBM dev cloud
PPC64 Victor Julien No access except an old Mac G5 Victor has
PPC32 Victor Julien No access except an old Mac G4 Victor has

High Level Features

Capture support

Tier 1 Capture Type Maintainer QA Notes
AF_PACKET Core team / Eric Leblond Used by SELKS
PF_RING Core team Used by SecurityOnion
NETMAP (FreeBSD) Core team / Victor Julien + Aleksey Katargin Used by OPNsense
NFQUEUE Core team / Andreas Herz
libpcap Core team
Tier 2 Capture Type Maintainer QA Notes
AF_PACKET (eBPF/XDP) Eric Leblond Bleeding edge
NETMAP (Linux) Core team / Victor Julien + Aleksey Katargin
Community Capture Type Maintainer QA Notes
NFLOG Community / Giuseppe Longo
Endace/DAG Community / Jason Ish
Napatech Community / Napatech
Unmaintained Capture Type Maintainer QA Notes
IPFW

Detection

Tier 1 Detect Maintainer QA Notes
content Core team / Victor Julien includes modifiers, sticky buffers, pcre, isdataat, etc
lua Core team
file Core team file keywords
hyperscan Core team
Tier 2 Detect Maintainer QA Notes
multi-tenancy Core team / Victor Julien
Community Detect Maintainer QA Notes
GeoIP

Outputs

Tier 1 Type Maintainer QA Notes
EVE Core team
fast.log Core team
Unified2 Core team / Jason Ish scheduled for removal
Lua Core team
tls-store Core team
file-store Core team
Tier 2 Type Maintainer QA Notes
http.log Core team
dns.log Core team scheduled for removal
tls.log Mats Klepsland (Core team as backup) scheduled for removal
pcap-log Core team
Community Type Maintainer QA Notes
prelude Thomas ANDREJAK
Scheduled for removal Type Maintainer QA Notes
files-json Superceded by eve.fileinfo

AppLayer Protocols

Tier 1 Protocol Maintainer QA Notes
http Core team / Victor Julien includes libhtp
dns Core team / Jason Ish
ssl/tls Mats Klepsland (Core team as backup)
smb/dcerpc Core team / Victor Julien
smtp Core team
ssh Core team
dnp3 Core team / Jason Ish
Tier 2 Protocol Maintainer QA Notes
ftp Core team Currently only used for 'ftpbounce' keyword
rust/nfs Core team / Victor Julien Rust support currently experimental
rust/dns Core team / Jason Ish Rust support currently experimental
Community Protocol Maintainer QA Notes
modbus David Diallo
enip/cip Kevin Wong
rust/ntp Pierre Chifflier Experimental Rust support

Operation modes

Tier 1 Mode Maintainer QA Notes
IDS (passive) Core team
IPS (active) Core team
Offline pcap file Core team
Tier 2 Mode Maintainer QA Notes
Unix socket mode Core team / Eric Leblond
IDS (active) Core team Active responses, reject keyword

Output methods

Tier 1 Method Maintainer QA Notes
files Core team
unix socket Core team
Tier 2 Method Maintainer QA Notes
syslog Core team
redis Core team
Unmaintained Method Maintainer QA Notes
pcie (tile)