Why Redis is used and what is stored in it?

Redis is used not as a cache, but as a working data store.

Stored in Redis:

• Suricata events (Flow, DNS, HTTP, TLS, etc.);
• aggregated statistics;
• temporary states and counters;
• data for AI analysis;
• anomaly results and labels.

Reasons for choosing Redis:

• high performance;
• minimal disk I/O;
• convenient handling of streaming and time-series data;
• ability to operate without heavy databases.

This is a core element of the system’s performance.