Posted about 12 years ago

The OISF development team is proud to announce Suricata 1.4beta3. This is the third beta release for the upcoming 1.4 version.

This release has significant improvements to packet acquisition. The Napatech capture card support has been updated by our supporter Npulse. The Pcap, PF_RING and AF_PACKET capture methods now feature live drop stats.

Get the new release here: suricata-1.4beta3.tar.gz

New features
- support for Napatech cards through their 3rd generation driver was added by Matt Keeler from Npulse (#430, #619)
- support for pkt_data keyword was added
- user and group to run as can now be set in the config file
- make HTTP request and response body inspection sizes configurable per HTTP server config (#560)
- PCAP/AF_PACKET/PF_RING packet stats are now printed in stats.log (#561, #625)
- add stream event to match on overlaps with different data in stream reassembly (#603)

Improvements
- add contrib directory to the dist (#567)
- performance improvements to signatures with dsize option
- improved rule analyzer: print fast_pattern along with the rule (#558)
- fixes to stream engine reducing the number of events generated (#604)
- stream.inline option now defaults to "auto", meaning enabled in IPS mode, disabled in IDS mode (#592)
- HTTP handling in OOM condition was greatly improved (#557)
- filemagic keyword performance was improved (#585)
- updated bundled libhtp to 0.2.11
- build system improvements and cleanups

Fixes
- fixes and improvements to daemon mode (#624)
- fix drop rules not working correctly when thresholded (#613)
- fixed a possible FP when a regular and "chopped" fast_pattern were the same (#581)
- fix a false positive condition in http_header (#607)
- fix inaccuracy in byte_jump keyword when using "from_beginning" option (#627)
- fixes to rule profiling (#576)
- cleanups and misc fixes (#379, #395)
- fix to SSL record parsing

Credits
We'd like to thank the following people and corporations for their contributions and feedback:
- Matt Keeler - Npulse
- Chris Wakelin
- Rmkml
- Will Metcalf
- Ivan Ristic
- Kyle Creyts
- Michael Hoffrath

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Posted about 12 years ago

The OISF development team is pleased to announce Suricata 1.3.4. This is the fourth maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: suricata-1.3.4.tar.gz

Fixes
- fix crash in flow and host engines in cases of low memory or low memcap settings (#617)
- improve http handling in low memory conditions (#620)
- fix inaccuracy in byte_jump keyword when using "from_beginning" option (#626)
- fix building on OpenBSD 5.2
- update default config's defrag settings to reflect all available options
- fixes to make check
- fix to SSL record parsing

Credits
- Rmkml
- Will Metcalf
- Ivan Ristic

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Posted about 12 years ago

The OISF development team is pleased to announce Suricata 1.3.3. This is the second maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz

Fixes
- fix drop rules not working correctly when thresholded (#615)
- fix a false positive condition in http_header (#606)
- fix extracted file corruption (#601)
- fix a false positive condition with the pcre keyword and relative matching (#588)
- fix PF_RING set cluster problem on dma interfaces (#598)
- improve http handling in low memory conditions (#586, #587)
- fix FreeBSD inline mode crash (#612)
- suppress pcre jit warning (#579)

Credits
- Will Metcalf
- Chris Wakelin
- Kyle Creyts
- Michael Hoffrath

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Posted about 12 years ago

The OISF development team is proud to announce Suricata 1.4beta2. This is the second beta release for the upcoming 1.4 version.

The main addition of this release is a usable Lua scripting keyword for detection: luajit. This keyword allows you to run Lua scripts as part of the detection engine, allowing inspection beyond what the rule language offers. While not cheap, performance is not bad at all due to the use of the luajit engine.

This release also brings major performance enhancements. We're able to run virtually packet-loss free with AF_PACKET on our ISP test box with 6gbps-9gbps of sustained traffic on commodity hardware with 7k rules.

Get the new release here: suricata-1.4beta2.tar.gz

New features
- New keyword: "luajit" to inspect packet, payload and all HTTP buffers with a Lua script (#346)
- Added ability to control per server HTTP parser settings in much more detail (#503)

Improvements
- Rewrite of IP Defrag engine to improve performance and fix locking logic (#512, #540)
- Big performance improvement in inspecting decoder, stream and app layer events (#555)
- Pool performance improvements (#541)
- Improved performance of signatures with simple pattern setups (#577)
- Bundled docs are installed upon make install (#527)
- Support for a number of global vs rule thresholds was added (#425)
- Improved rule profiling performance
- If no explicit fast_pattern is set, pick HTTP patterns over stream patterns. HTTP method, stat code and stat msg are excluded.

Fixes
- Fix compilation on architectures other than x86 and x86_64 (#572)
- Fix FP with anchored pcre combined with relative matching (#529)
- Fix engine hanging instead of exiting if the pcap device doesn't exist (#533)
- Work around for potential FP, will get properly fixed in next release (#574)
- Improve ERF handling. Thanks to Jason Ish
- Always set cluster_id in PF_RING
- IPFW: fix broken broadcast handling
- AF_PACKET kernel offset issue, IPS fix and cleanup
- Fix stream engine sometimes resending the same data to app layer
- Fix multiple issues in HTTP multipart parsing
- Fixed a lockup at shutdown with NFQ (#537)

Credits
We'd like to thank the following people and corporations for their contributions and feedback:
- Jason Ish - Endace
- Chris Wakelin
- Rmkml

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Posted about 12 years ago

The OISF development team is pleased to announce Suricata 1.3.2. This is the second maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: http://www.openinfosecfoundation.org/download/suricata-1.3.2.tar.gz

Fixes
- Fixed a possible FP when a regular and "chopped" fast_pattern were the same (#562)
- Fixed a FN condition with the flow:no_stream option (#575)
- Fix building of perf profiling code on i386 platform. By Simon Moon (#534)
- Fix multiple issues in HTTP multipart parsing
- Fix stream engine sometimes resending the same data to app layer
- Always set cluster_id in PF_RING
- Defrag: silence some potentially noisy errors/warnings
- IPFW: fix broken broadcast handling
- AF_PACKET kernel offset issue

Credits
- Simon Moon
- Rmkml

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Posted about 12 years ago

Suricata has a new website within the OISF! http://suricata-ids.org

This site is dedicated to all things Suricata, and focuses on more detailed information as to why we hope you'll give Suricata a try in your environment.

We welcome feedback on the new Suricata site. Putting this separate site up from the OISF's main site was in response to feedback that the primary drivers to give Suricata a try weren't featured well enough on the OISF site. So we're hoping this will help those not familiar with Suricata get a quick idea what's there, what it does, and how to give it a run.

If you have a service or platform based upon or that supports Suricata please contact us directly to be added to an upcoming "Suricata Runs On" page! Being listed here is free and helps those interested in Suricata find your products and services.

Posted over 12 years ago

The OISF development team is proud to announce Suricata 1.4beta1. This is the first beta release for the upcoming 1.4 version. It is the result of major effort by the OISF team with significant help from community contributors Ignacio Sanchez and Simon Moon.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.4beta1.tar.gz

New features
- Custom HTTP logging contributed by Ignacio Sanchez (#530)
- TLS certificate logging and fingerprint computation and keyword by Jean-Paul Roliers (#443)
- TLS certificate store to disk feature by Jean-Paul Roliers (#444)
- Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480)
- AF_PACKET IPS support (#516)
- Rules can be set to inspect only IPv4 or IPv6 (#494)
- filesize keyword for matching on sizes of files in HTTP (#489)
- Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522)
- NFQ fail open support (#507)
- Highly experimental lua scripting support for detection

Improvements
- Live reloads now support HTTP rule updates better (#522)
- AF_PACKET performance improvements (#197, #415)
- Make defrag more configurable (#517, #528)
- Improve pool performance (#518)
- Improve file inspection keywords by adding a separate API (#531)
- Example threshold.config file provided (#302)

Fixes
- Fix building of perf profiling code on i386 platform. By Simon Moon (#534)
- Various spelling corrections by Simon Moon (#533)

Credits
We'd like to thank the following people and corporations for their contributions and feedback:
- Jean-Paul Roliers
- Ignacio Sanchez
- Michel Saborde
- Simon Moon
- Coverity

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

Posted over 12 years ago

Don't forget to RSVP to join us in Amsterdam for our half day Suricata training session.

If you are already planning to attend RAID 2012 we will be meeting the day prior for a Suricata Training Session. Come learn more about Suricata from the core development team! Tuesday September 11, 2012, at the Wyndham Hotel from 13:00 to 17:00. There will be no cost for this session but collaboration will be greatly appreciated. Snacks will be provided.

RSVP Here

Posted over 12 years ago

Don't forget to RSVP to join us in Amsterdam for our half day Suricata training session.

If you are already planning to attend RAID 2012 we will be meeting the day prior for a Suricata Training Session. Come learn more about Suricata from the core development team! Tuesday September 11, 2012, at the Wyndham Hotel from 13:00 to 17:00. There will be no cost for this session but collaboration will be greatly appreciated. Snacks will be provided.

RSVP Here

Note that you will NOT need a RAID pass/ticket to attend the training session.

Posted over 12 years ago

The OISF development team is pleased to announce Suricata 1.3.1. This is the first maintenance release of Suricata 1.3 with some important fixes. As a bonus AF_PACKET's performance was greatly improved.

Because of the fixes below, upgrading is highly recommended. When upgrading, please review: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_13_to_Suricata_131

Download: http://www.openinfosecfoundation.org/download/suricata-1.3.1.tar.gz

Improvements
- AF_PACKET performance improvements
- Defrag engine performance improvements
- HTTP: add per server options to enable/disable double decoding of URI (#464, #504)

Fixes
- Stream engine packet handling for packets with non-standard flag combinations (#508)
- Improved stream engine handling of packet loss (#523)
- Stream engine checksum alerting fixed
- Various rule analyzer fixes (#495, #496, #497)
- (Rule) profiling fixed and improved (#460, #466)
- Enforce limit on max-pending-packets (#510)
- fast_pattern on negated content improved
- TLS rule keyword parsing issues
- Windows build fixes (#502)
- Host OS parsing issues fixed (#499)
- Reject signatures where content length is bigger than "depth" setting (#505)
- Removed unused "prune-flows" option
- Set main thread and live reload thread names (#498)

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.