<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
Hi Victor
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
Hope all is well with you. I thought I should ask this on the Forum rather than 121.
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
Regarding Unified2 support, the web site says: "After 18 months, the feature will be removed in the first major release."
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
When is the next Major release planned for?
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
We run with a slightly older version when it comes to integrating Suri with our software.
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
What is/will be the latest/last fully Unified2 tested version of Suricata?
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
That will enable us to ensure a supported product for a few more years.
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
Thank you
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
Amar
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: rgb(0, 0, 128);">
<br>
</div>
<blockquote type="cite">
<div>
On April 9, 2019 at 7:08 AM Victor Julien &lt;<a href="mailto:lists@inliniac.net">lists@inliniac.net</a>&gt; wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Hi Champ!
</div>
<div>
<br>
</div>
<div>
On 08-04-19 17:31, Champ Clark III wrote:
</div>
<blockquote type="cite">
<div>
I was under the impression, perhaps incorrectly, that 'xbit' data gets
</div>
<div>
stored in the Suricata EVE files. For example, if an 'xbit' gets
</div>
<div>
'set' or checked ('isset'), is there an EVE record of that happening?
</div>
<div>
I've searched my Suricata instances' EVE files for 'xbits' and can't find
</div>
<div>
any records of that. However, it might be that I haven't triggered any
</div>
<div>
rules that have 'xbits' in them. I'd like to see how this data gets
</div>
<div>
recorded.
</div>
</blockquote>
<div>
<br>
</div>
<div>
Inside Suricata, xbits are implemented as various other bits. Per host
</div>
<div>
bits (hostbits) and per IP Pair. These 2 variants are not logged in EVE
</div>
<div>
currently. Feel free to open a feature ticket.
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
Secondly, I know there are plans to deprecate 'unified2'. Is there a
</div>
<div>
target date for this?
</div>
</blockquote>
<div>
<br>
</div>
<div>
Yes, it's actually quite close: June this year which means we can
</div>
<div>
probably already throw it out in our git master.
</div>
<div>
<br>
</div>
<div>
<a href="https://suricata-ids.org/about/deprecation-policy/" rel="noopener" target="_blank">https://suricata-ids.org/about/deprecation-policy/</a>
<br>
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
---------------------------------------------
</div>
<div>
Victor Julien
</div>
<div>
<a href="http://www.inliniac.net/" rel="noopener" target="_blank">http://www.inliniac.net/</a>
<br>
</div>
<div>
PGP:
<a href="http://www.inliniac.net/victorjulien.asc" rel="noopener" target="_blank">http://www.inliniac.net/victorjulien.asc</a>
<br>
</div>
<div>
---------------------------------------------
</div>
</blockquote>
</body>
</html>