
News

 
Posted 3 months ago
The OISF development team is proud to announce Suricata 1.4.1. This is a major update over the 1.4 release, adding some exciting features, many improvements and fixing some important bugs.

Get the new release here: suricata-1.4.1.tar.gz

The most interesting new feature is the GeoIP support, a great contribution by Ignacio Sanchez. It adds a "geoip" rule keyword that allows you to match on the source or destination of a packet per country.
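As an added illustration that is not part of the original announcement, two rules show how the keywords introduced in this release are used in Suricata rule syntax. The country code, the hostname and the sid values are placeholders chosen for the example; the geoip rule needs a Suricata build with GeoIP support and the MaxMind database available.

```suricata
# Example (not from the announcement): alert on any IP packet whose source
# address geolocates to the placeholder country "US" via the MaxMind database.
alert ip any any -> any any (msg:"GeoIP example: packet sourced from US"; geoip:src,US; sid:1000001; rev:1;)

# Example (not from the announcement): match the normalized HTTP Host header.
# The http_host buffer is lowercase-normalized, so the content pattern is lowercase;
# "example.invalid" is a constructed hostname.
alert tcp any any -> any any (msg:"http_host example: request for example.invalid"; content:"example.invalid"; http_host; sid:1000002; rev:1;)
```

The geoip keyword takes a direction (src, dst, both or any) followed by one or more country codes, and http_host restricts the content match to the Host header rather than the whole request, which avoids false positives on the same string appearing elsewhere in the request.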

New features
- GeoIP keyword, allowing matching on Maxmind's database, contributed by Ignacio Sanchez (#559)
- Introduce http_host and http_raw_host keywords (#733, #743)
- Add python module for interacting with unix socket (#767)
- Add new unix socket commands: fetching config, counters, basic runtime info (#764, #765)

Improvements
- Big Napatech support update by Matt Keeler
- Configurable sensor id in unified2 output, contributed by Jake Gionet (#667)
- FreeBSD IPFW fixes by Nikolay Denev
- Add "default" interface setting to capture configuration in yaml (#679)
- Make sure "snaplen" can be set by the user (#680)
- Improve HTTP URI query string normalization (#739)
- Improved error reporting in MD5 loading (#693)
- Improve reference.config parser error reporting (#737)
- Improve build info output to include all configure options (#738)

Fixes
- Segfault in TLS parsing reported by Charles Smutz (#725)
- Fix crash in teredo decoding, reported by Rmkml (#736)
- Fixed UDPv4 packets without checksum being detected as invalid (#760)
- Fixed DCE/SMB parsers getting confused in some fragmented cases (#764)
- IPv6 address/subnet parsing in thresholding was fixed by Jamie Strandboge (#697)
- FN: IP-only rule ip_proto not matching for some protocols (#689)
- Fix build failure with other libhtp installs (#688)
- Fix malformed yaml loading leading to a crash (#694)
- Various Mac OS X fixes (#700, #701, #703)
- Fix for autotools on Mac OS X by Jason Ish (#704)
- Fix AF_PACKET under high load not updating stats (#706)

Special thanks
- Ignacio Sanchez
- Matt Keeler — nPulse
- Jake Gionet
- Nikolay Denev
- Jason Ish — Endace
- Jamie Strandboge
- Charles Smutz
- Rmkml

Known issues & missing features
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 3 months ago
The OISF development team is pleased to announce Suricata 1.3.6. This is the last maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: http://www.openinfosecfoundation.org/download/suricata-1.3.6.tar.gz

Fixes
- fix decoder event rules not checked in all cases (#671)
- checksum detection for icmpv6 was fixed (#673)
- crash in HTTP server body inspection code fixed (#675)
- fixed an icmpv6 payload bug (#676)
- IP-only rule ip_proto not matching for some protocols was addressed (#690)
- fixed malformed yaml crashing suricata (#702)
- ipv6 address/subnet parsing in thresholding was fixed by Jamie Strandboge (#717)
- crash in tls parser was fixed (#759)
- fixed UDPv4 packets without checksum being detected as invalid (#762)
- fixed DCE/SMB parsers getting confused in some fragmented cases (#763)

Special thanks
- Jamie Strandboge

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 3 months ago
We are very pleased to announce that nPulse has moved to Platinum Consortium Member status of the Open Information Security Foundation (OISF).

nPulse Technologies, Inc. takes the pulse of the world's fastest networks. For customers with extremely big pipes of 10Gbps or more, who run intelligence-driven security and network operations, nPulse solutions are open, standards-based collection platforms that integrate ultrafast flow and packet capture probes with big data analytics. Unlike traditional packet capture solutions which are proprietary, expensive, and unable to scale to today's network core speeds, nPulse platforms capture 100% of network traffic at 20 Gbps and utilize a Big Data analytics approach to significantly reduce the time, effort, and resources required to produce actionable intelligence. For more information, visit www.npulsetech.com.

 

Posted 5 months ago
We are very pleased to welcome Tilera Corporation as a Gold level Consortium member of the Open Information Security Foundation (OISF)! Through this membership, Tilera will continue to focus on achieving unparalleled Suricata performance on the TILE-Gx processor family. The TILE-Gx processor family delivers industry leading performance and power efficiency (performance/watt), while providing ease-of-use with standard Linux programming.

 
As the leader in 64-bit manycore general purpose processors, the company is already hard at work contributing to the Consortium and has delivered the highest performance, highest density Suricata solution in the market – seeing about 40 Gbps throughput in a 1U platform. The Suricata implementation on TILE-Gx processors supports all the features of Suricata including both the IDS and IPS modes of operation.
 
"Tilera’s involvement with the OISF and Suricata is significant validation of Suricata as an Engine, and threading as the way forward for the industry as a whole," said Matt Jonkman, president, OISF. “The performance benefits that Tilera has already demonstrated with Suricata and the TILE-GX processor family is thoroughly impressive and is just a taste of what is to come.”
 
The industry-leading performance was achieved on Tilera's TILExtreme-Gx high density platform that packs 144 cores with four TILE-Gx36 processors in a compact 1U rack mountable device. The standard TILExtreme-Gx platform provides up to 160Gbps of Ethernet I/O and is ideal for a variety of compute and I/O intensive tasks such as Network Security (IDS/IPS, DPI, DLP), Network Monitoring, Data Forensics and Big Data processing. It is actively being deployed by several Tilera customers. Additionally, based on the performance and I/O requirements, Tilera customers have the ability to scale up or down by choosing from a range of platforms, from half-length PCIe cards to the high density 1U chassis.
 
Tilera will unveil a new platform that doubles the capacity in the first quarter of 2013. Support for the TILE-Gx will also be added for the open source version of Suricata.
 
There will be much more exciting news to come from Tilera and the OISF in 2013. If you want to learn more about Tilera and its solutions, contact Satish Ganesan, Director of Marketing, Networking Solutions, for Tilera. In the meantime, stay tuned to this space for the latest updates!

The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine Suricata.  The OISF has formed a multi-national group of the leading software developers in the security industry.  In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires. 
Posted 5 months ago
The OISF development team is proud to announce Suricata 1.4. This release is a major improvement over the previous releases with regard to performance, scalability and accuracy. Also, a number of great features have been added.

Get the new release here: suricata-1.4.tar.gz

The biggest new features of this release are the Unix Socket support, IP Reputation support and the addition of the Luajit keyword. Each of these new features are still in active development, and should be approached with some care.

The 1.4 release improves performance and scalability a lot. The IP Defrag engine was rewritten to scale better, various packet acquisition methods were improved and various parts of the detection engine were optimized further.

The configuration file has evolved but backward compatibility is provided. We thus encourage you to update your suricata configuration file. Upgrade guidance is provided here: Upgrading_Suricata_13_to_Suricata_14

New features
- Unix socket mode for batched processing of series of pcap (#571, #552) (experimental)
- Interaction with Suricata via unix socket (#571, #552) (experimental)
- IP Reputation: loading and matching (#647) (experimental)
- New keyword: "luajit" to inspect packet, payload and all HTTP buffers with a Lua script (#346) (experimental)
- Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522)
- Support for pkt_data keyword was added (#423)
- Improved --list-keywords commandline option gives detailed info for supported keyword, including doc link (#435)
- User and group to run as can now be set in the config file
- Add stream event to match on overlaps with different data in stream reassembly (#603)
- Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480)
- Rules can be set to inspect only IPv4 or IPv6 (#494)
- Added ability to control per server HTTP parser settings in much more detail (#503)
- Make HTTP request and response body inspection sizes configurable per HTTP server config (#560)
- Filesize keyword for matching on sizes of files in HTTP (#489)
- Custom HTTP logging contributed by Ignacio Sanchez (#530)
- TLS certificate logging and fingerprint computation and keyword by Jean-Paul Roliers (#443)
- TLS certificate store to disk feature by Jean-Paul Roliers (#444)
- AF_PACKET IPS support (#516)
- NFQ fail open support (#507)
- PCAP/AF_PACKET/PF_RING packet stats are now printed in stats.log (#561, #625)
- Support for Napatech cards through their 3rd generation driver was added by Matt Keeler from Npulse (#430, #619)
- Endace support improved
- New runmode for users of pcap wrappers (Myricom, PF_RING, others)

Improvements
- Add contrib directory to the dist (#567)
- Performance improvements to signatures with dsize option
- Improved rule analyzer: print fast_pattern along with the rule (#558)
- Fixes to stream engine reducing the number of events generated (#604)
- Stream.inline option now defaults to "auto", meaning enabled in IPS mode, disabled in IDS mode (#592)
- HTTP handling in OOM condition was greatly improved (#557)
- Filemagic keyword performance was improved (#585)
- Updated bundled libhtp to 0.2.11
- Build system improvements and cleanups
- Live reloads now support HTTP rule updates better (#522)
- AF_PACKET performance improvements (#197, #415)
- Make defrag more configurable (#517, #528)
- Improve pool performance (#518)
- Improve file inspection keywords by adding a separate API (#531)
- Example threshold.config file provided (#302)

Changes since 1.4rc1
- Decoder event matching fixed (#672)
- Unified2 would overwrite files if file rotation happened within a second of file creation, leading to loss of events/alerts (#665)
- Add more events to IPv6 extension header anomalies (#678)
- Fix ICMPv6 payload and checksum calculation (#677, #674)
- Clean up flow timeout handling (#656)
- Fix a shutdown bug when using AF_PACKET under high load (#653)
- Fix TCP sessions being cleaned up too early (#652)

Credits
- Jason Ish -- Endace
- Ludovico Cavedon -- Lastline
- Last G
- Matt Keeler -- Npulse
- Chris Wakelin
- Will Metcalf
- Ivan Ristic
- Kyle Creyts
- Michael Hoffrath
- Rmkml
- Jean-Paul Roliers
- Ignacio Sanchez
- Michel Saborde
- Simon Moon
- Coverity

Known issues & missing features
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 6 months ago
The OISF development team is pleased to announce Suricata 1.3.5. This is a maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: http://www.openinfosecfoundation.org/download/suricata-1.3.5.tar.gz

Fixes
- Flow engine memory leak fixed by Ludovico Cavedon (#651)
- Unified2 would overwrite files if file rotation happened within a second of file creation, leading to loss of events/alerts (#664)
- Flow manager mutex used uninitialized, fixed by Ludovico Cavedon (#654)
- Windows building in CYGWIN fixed (#630)

Credits
- Ludovico Cavedon -- Lastline

Known issues & missing features
There is talk about a possible IPv6 evasion, but since no details are available this isn't addressed yet. Due to the nature of the fixes above, we decided to release anyway. Once we get details on the evasion, we'll push out another update.

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 6 months ago
The OISF development team is proud to announce Suricata 1.4rc1, the first (and hopefully only) release candidate for the upcoming 1.4 version.

This release adds two major new features: a unix socket command mode, allowing for easy processing of large numbers of pcap files, and IP reputation. Both features are considered experimental.

Get the new release here: suricata-1.4rc1.tar.gz

New features
- Interactive unix socket mode (#571, #552)
- IP Reputation: loading and matching (#647)
- Improved --list-keywords commandline option gives detailed info for supported keyword, including doc link (#435)

Improvements
- Rule analyzer improvement wrt ipv4/ipv6, invalid rules (#494)
- User-Agent added to file log and filestore meta files (#629)
- Endace DAG supports live stats and at exit drop stats (#638)
- Add support for libhtp event "request port doesn't match tcp port" (#650)

Fixes
- Rules with negated addresses will not be considered IP-only (#599)
- Rule reloads complete much faster in low traffic conditions (#526)
- Suricata -h now displays all available options (#419)
- Luajit configure time detection was improved (#636)
- Flow manager mutex used w/o initialization (#628)
- Cygwin work around for windows shell mangling interface string (#372)
- Fix a Prelude output crash with alerts generated by rules w/o classtype or msg (#648)
- CLANG compiler build fixes (#649)
- Several fixes found by code analyzers

Credits
We'd like to thank the following people and corporations for their contributions and feedback:

- Jason Ish -- Endace
- Ludovico Cavedon -- Lastline
- Last G

Known issues & missing features
This is a "release candidate"-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know!

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 6 months ago
The OISF development team is proud to announce Suricata 1.4beta3. This is the third beta release for the upcoming 1.4 version.

This release has significant improvements to the packet acquisition. The Napatech capture card support has been updated by our supporter Npulse. The Pcap, PF_RING and AF_PACKET capture methods now feature live drop stats.

Get the new release here: suricata-1.4beta3.tar.gz

New features
- support for Napatech cards through their 3rd generation driver was added by Matt Keeler from Npulse (#430, #619)
- support for pkt_data keyword was added
- user and group to run as can now be set in the config file
- make HTTP request and response body inspection sizes configurable per HTTP server config (#560)
- PCAP/AF_PACKET/PF_RING packet stats are now printed in stats.log (#561, #625)
- add stream event to match on overlaps with different data in stream reassembly (#603)

Improvements
- add contrib directory to the dist (#567)
- performance improvements to signatures with dsize option
- improved rule analyzer: print fast_pattern along with the rule (#558)
- fixes to stream engine reducing the number of events generated (#604)
- stream.inline option now defaults to "auto", meaning enabled in IPS mode, disabled in IDS mode (#592)
- HTTP handling in OOM condition was greatly improved (#557)
- filemagic keyword performance was improved (#585)
- updated bundled libhtp to 0.2.11
- build system improvements and cleanups

Fixes
- fixes and improvements to daemon mode (#624)
- fix drop rules not working correctly when thresholded (#613)
- fixed a possible FP when a regular and "chopped" fast_pattern were the same (#581)
- fix a false positive condition in http_header (#607)
- fix inaccuracy in byte_jump keyword when using "from_beginning" option (#627)
- fixes to rule profiling (#576)
- cleanups and misc fixes (#379, #395)
- fix to SSL record parsing

Credits
We'd like to thank the following people and corporations for their contributions and feedback:

- Matt Keeler - Npulse
- Chris Wakelin
- Rmkml
- Will Metcalf
- Ivan Ristic
- Kyle Creyts
- Michael Hoffrath

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 6 months ago
The OISF development team is pleased to announce Suricata 1.3.4. This is the fourth maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: suricata-1.3.4.tar.gz

Fixes
- fix crash in flow and host engines in cases of low memory or low memcap settings (#617)
- improve http handling in low memory conditions (#620)
- fix inaccuracy in byte_jump keyword when using "from_beginning" option (#626)
- fix building on OpenBSD 5.2
- update default config's defrag settings to reflect all available options
- fixes to make check
- fix to SSL record parsing

Credits
- Rmkml
- Will Metcalf
- Ivan Ristic

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted 7 months ago
The OISF development team is pleased to announce Suricata 1.3.3. This is the second maintenance release of Suricata 1.3 with some important fixes.

Because of the fixes below, upgrading is highly recommended.

Download: http://www.openinfosecfoundation.org/download/suricata-1.3.3.tar.gz

Fixes
- fix drop rules not working correctly when thresholded (#615)
- fix a false positive condition in http_header (#606)
- fix extracted file corruption (#601)
- fix a false positive condition with the pcre keyword and relative matching (#588)
- fix PF_RING set cluster problem on dma interfaces (#598)
- improve http handling in low memory conditions (#586, #587)
- fix FreeBSD inline mode crash (#612)
- suppress pcre jit warning (#579)

Credits
- Will Metcalf
- Chris Wakelin
- Kyle Creyts
- Michael Hoffrath

Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
 

 
 

Creative Commons License Copyright © 2013 Black Duck Software, Inc. and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a Creative Commons Attribution 3.0 Unported License . Ohloh ® and the Ohloh logo are trademarks of Black Duck Software, Inc. in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.