What's New in Suricata 8: Enhanced Detection and Performance
2025-10-22 , Europe

Suricata is a widely-used high performance, open source network analysis and threat detection software.This talk will provide an overview of the key new features introduced in Suricata 8, the latest release of the open-source network threat detection engine. We will cover the addition of several new protocols, including LDAP, DNS over HTTPS, SIP, SDP, POP3, and websocket, expanding Suricata's monitoring capabilities. We will also discuss the new "transactional rules" functionality, which allows single signatures to match traffic in both directions.


The presentation will highlight some of the more than 100 new keywords available, such as those for entropy matching, domain transform, dataset with JSON context, ENIP matching, full DNS field matching, and enhanced support for SMTP, EMAIL, and FTP. Finally, we will touch on the improvements to performance and security, including the default availability of vendoring and sandboxing Lua, and the implementation of HTTP parsing in Rust.

This talk will be relevant for security analysts and network administrators seeking to leverage the latest advances in Suricata for advanced threat detection and network security monitoring.

Éric Leblond is the co-founder and chief technology officer (CTO) of Stamus Networks and a member of the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities.
He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is also the lead developer of the Suricata Language Server, a real-time syntax checking and autocomplete app for Suricata rule writers.
Eric is a well-respected expert and speaker on network security.

This speaker also appears in:

Peter Manev is member of the executive team at Open Network Security Foundation (OISF) and Suricata Project Evangelist. Peter has over 20 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead.

Peter is also one of the lead developers of SELKS / ClearNDR Community, the popular turnkey open-source based implementation of Suricata IDS/IPS/NSM. Peter is a regular speaker and educator on open-source security, threat hunting, and network security.

Peter Manev is a co-author of the The Security Analyst’s Guide to Suricata book written with Eric Leblond.

Additionally, Peter is the co-founder and chief strategy officer (CSO) of Stamus Networks, a company providing commercial and open-source network detection and response solutions based on Suricata. Peter often engages in private or public training events in the area of advanced deployment and threat hunting at conferences, workshops or live-fire cyber exercises such as Crossed Swords, Locked Shields, DeepSec, Troopers, DefCon, Suricon, SharkFest, RSA, Flocon, MIT Lincoln Lab and others.

This speaker also appears in: