The OISF and Suricata development team is really proud to announce the availability of Suricata 3.2. This was a real community effort with 12 different contributors from 9 different countries that added to the work of Suricata core team. Thanks a lot for these contributions!
Suricata 3.2 comes with some new features that can help a Meerkat stay awake while on guard watch. Support for industrial networks has been greatly improved with the addition of two new protocols, DNP3 and CIP/ENIP. The TLS side has also seen improvements, with new fields available for matching and logging, such as certificate validity dates. For file matching and logging, it is now possible to use SHA1/SHA256 in addition to the obsolete MD5.
On the performance side, Suricata 3.2 runs as fast as a cheetah thanks to the new bypass mechanism, which helps with the challenging problem of elephant flows. Another big improvement comes from the pre-filter system, which makes packet-inspecting keywords much faster.
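A short rule file showing the certificate-validity and SHA256 file-matching keywords mentioned above, written here as an added example rather than taken from the announcement; the sid values and the blocklist filename are placeholders.

```suricata
# Added example, not part of the release announcement.
# Demonstrates the 3.2 TLS validity keywords and SHA256 file matching.
# sid values and blocklist.sha256 are placeholders.

# Flag sessions where the server certificate has already passed its
# NotAfter date at inspection time.
alert tls any any -> any any (msg:"TLS server certificate expired"; \
    tls_cert_expired; classtype:policy-violation; sid:9000001; rev:1;)

# Match certificates whose NotAfter date falls before a given date,
# e.g. to find short-lived or soon-to-expire certificates.
alert tls any any -> any any (msg:"TLS certificate NotAfter before 2017-01-01"; \
    tls_cert_notafter:<2017-01-01; sid:9000002; rev:1;)

# Match transferred files against a hash list (one lowercase SHA256 per
# line, resolved like a filemd5 list) and keep a copy of any match so it
# can be examined later.
alert http any any -> any any (msg:"File matches SHA256 blocklist"; \
    filesha256:blocklist.sha256; filestore; sid:9000003; rev:1;)
```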
Documentation has received a huge overhaul, with PDF and other formats now available: http://suricata.readthedocs.io/en/suricata-3.2/
On the usability side, incompatible NIC offloading is now switched off by default, and the unix command socket is now enabled by default.
For those of you into lists, here you are:
- pre-filter — fast packet keywords
- TLS improvements
- SCADA/ICS protocol additions: DNP3, CIP/ENIP
- SHA1/SHA256 for file matching, logging & extraction
- Sphinx documentation
Visible smaller changes
- NIC offloading disabled by default
- unix command socket enabled by default
- App Layer stats
Under the hood
- threading simplification (log api + no more thread restarts)
- flow manager optimization
- simplify adding keywords
- luajit improvements wrt memory handling in large deployments
Stamus Networks, NorCert, Solana Networks, FireEye, Proofpoint, CoverityScan
Mats Klepsland, Giuseppe Longo, Duarte Silva, Tom Decanio, Kevin Wong, Nicolas Thill, Thomas Andrejak, Paulo Pacheco, Priit Laes, Alexander Gozman
Training & Support
Need help installing, updating, validating and tuning Suricata? OISF organizes regular user and developer training sessions. Keep an eye on https://suricata-ids.org/training/
For support options also see https://suricata-ids.org/support/
Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. It is Open Source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.