Tag Archive | libhtp

Suricata 3.2RC1 ready for testing

We’re happy to announce Suricata 3.2RC1. The biggest addition to this release is the DNP3 support. We don’t expect many changes after this release candidate, so please help us test it!

Get the release here:

https://www.openinfosecfoundation.org/download/suricata-3.2RC1.tar.gz

High level changes

  • Feature #1745: DNP3 protocol support.
  • Feature #1906: doc: install man page and ship pdf
  • Feature #1916: lua: add an SCPacketTimestamp function
  • Feature #1867: rule compatibility: flow:not_established not supported.
  • Bug #1525: Use pkg-config for libnetfilter_queue
  • Bug #1690: app-layer-proto negation issue
  • Bug #1909: libhtp 0.5.23
  • Bug #1914: file log always shows stored: no even if file is stored
  • Bug #1917: nfq: bypass SEGV
  • Bug #1919: filemd5: md5-list does not allow comments any more
  • Bug #1923: dns – back to back requests results in loss of response
  • Bug #1928: flow bypass leads to memory errors
  • Bug #1931: multi-tenancy fails to start
  • Bug #1932: make install-full does not install tls-events.rules
  • Bug #1935: Check redis reply in non pipeline mode
  • Bug #1936: Can’t set fast_pattern on tls_sni content

Special thanks

Nicolas Thill, Duarte Silva, Thomas Andrejak, Paulo Pacheco, Priit Laes, CoverityScan

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

SuriCon 2.0

dcJoin us in Washington, D.C. November 9-11 for the 2nd Suricata User Conference. Agenda and speakers are now available, including keynote speakers Ron Gula and Liam Randall. Please see: http://suricon.net/

Training & Support

Need help installing, updating, validating, tuning and extending Suricata? We have a training session coming up at SuriCon: November 7 & 8 in Washington, D.C.: see https://suricata-ids.org/training/ Conference attendees get a 20% discount!

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.1.3 released!

We’re proud to announce Suricata 3.1.3. This release improves DNS logging accuracy. Other than that it is mostly a collection of smaller fixes.This release fixes some important issues, so we highly recommend updating.suri-400x400

Changes

  • Bug #1861: Suricata with multitenancy does not start in 3.1/3.1.1
  • Bug #1889: Suricata doesn’t error on missing semicolon
  • Bug #1910: libhtp 0.5.23 (3.1.x)
  • Bug #1912: http.memcap reached condition can lead to dead lock
  • Bug #1913: af-packet fanout detection broken on Debian Jessie
  • Bug #1933: unix-command socket created with last character missing (3.1.x)
  • Bug #1934: make install-full does not install tls-events.rules (3.1.x)
  • Bug #1941: Can’t set fast_pattern on tls_sni content (3.1.x)
  • Bug #1942: dns – back to back requests results in loss of response (3.1.x)
  • Bug #1943: Check redis reply in non pipeline mode (3.1.x)

Get the release here:

https://www.openinfosecfoundation.org/download/suricata-3.1.3.tar.gz

Special thanks

Paulo Pacheco, Coverity Scan

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

SuriCon 2.0

dcJoin us in Washington, D.C. November 9-11 for the 2nd Suricata User Conference. Agenda and speakers are now available, including keynote speakers Ron Gula and Liam Randall. Please see: http://suricon.net/

Training & Support

Need help installing, updating, validating, tuning and extending Suricata? There is a training November 7 & 8 in Washington, D.C.: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.1.2 released!

We’re proud to announce Suricata 3.1.2. This release fixes some important issues, so we highly recommend updating.suri-400x400

Changes

  • Feature #1830: support ‘tag’ in eve log
  • Feature #1870: make logged flow_id more unique
  • Feature #1874: support Cisco Fabric Path / DCE
  • Feature #1885: eve: add option to log all dropped packets
  • Feature #1886: dns: output filtering
  • Bug #1849: ICMPv6 incorrect checksum alert if Ethernet FCS is present
  • Bug #1853: fix dce_stub_data buffer
  • Bug #1854: unified2: logging of tagged packets not working
  • Bug #1856: PCAP mode device not found
  • Bug #1858: Lots of TCP ‘duplicated option/DNS malformed request data’ after upgrading from 3.0.1 to 3.1.1
  • Bug #1878: dns: crash while logging sshfp records
  • Bug #1880: icmpv4 error packets can lead to missed detection in tcp/udp
  • Bug #1884: libhtp 0.5.22

Get the release here:

http://www.openinfosecfoundation.org/download/suricata-3.1.2.tar.gz

Special thanks

Kirill Shipulin – Positive Technologies, Christoffer Hallstensen – NTNU Gjøvik, Pedro Marinho – Proofpoint, Tom Decanio – FireEye, Coverity Scan

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

SuriCon 2.0

dcJoin us in Washington, D.C. November 9-11 for the 2nd Suricata User Conference. Agenda and speakers are now available, including keynote speakers Ron Gula and Liam Randall. Please see: http://suricon.net/

Training & Support

Need help installing, updating, validating, tuning and extending Suricata? We have trainings coming up. September 12-16 in Paris, November 7 & 8 in Washington, D.C.: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.1.1 released!

We’re proud to announce Suricata 3.1.1. This is a bug fix update for the 3.1 stable release.suri-400x400

Changes

  • Feature #1775: Lua: SMTP-support
  • Bug #1419: DNS transaction handling issues
  • Bug #1515: Problem with Threshold.config when using more than one IP
  • Bug #1664: Unreplied DNS queries not logged when flow is aged out
  • Bug #1808: Can’t set thread priority after dropping privileges
  • Bug #1821: Suricata 3.1 fails to start on CentOS6
  • Bug #1839: suricata 3.1 configure.ac says >=libhtp-0.5.5, but >=libhtp-0.5.20 required
  • Bug #1840: –list-keywords and –list-app-layer-protos not working
  • Bug #1841: libhtp 0.5.21
  • Bug #1844: netmap: IPS mode doesn’t set 2nd iface in promisc mode
  • Bug #1845: Crash on disabling a app-layer protocol when it’s logger is still enabled
  • Optimization #1846: af-packet: improve thread calculation logic
  • Optimization #1847: rules: don’t warn on empty files

Get the release here:

http://www.openinfosecfoundation.org/download/suricata-3.1.1.tar.gz

Special thanks

CoverityScan and the Casec Bachelors group: Lauritz Prag Sømme, Levi Tobiassen, Stian Hoel Bergseth, Vinjar Hillestad

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

SuriCon 2.0

dcJoin us in Washington, D.C. November 9-11 for the 2nd Suricata User Conference. http://suricon.net/

Training & Support

Need help installing, updating, validating and tuning Suricata? We have trainings coming up. September 12-16 in Paris, November 7 & 8 in Washington, D.C.: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.0.2 released

We are pleased to announce Suricata 3.0.2. The release addresses various issues affecting stability. Libhtp 0.5.20 is bundled.suri-400x400

Get the release here:

http://www.openinfosecfoundation.org/download/suricata-3.0.2.tar.gz

Special thanks

ANSSI, Stamus Networks, NorCert, AFL project, CoverityScan

Mats Klepsland, Aleksey Katargin, David Diallo

Known issues & missing features

In a development release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

SuriCon 2.0

dcJoin us in Washington, D.C. November 9-11 for the 2nd Suricata User Conference. http://suricon.net/

Training & Support

Need help installing, updating, validating and tuning Suricata? We have trainings coming up. September 12-16 in Paris, November 7 & 8 in Washington, D.C.: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 2.0.5 Available!

Photo by Eric Leblond

The OISF development team is pleased to announce Suricata 2.0.5. This release fixes a number of important issues in the 2.0 series.

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.5.tar.gz

Changes

  • Bug #1190: http_header keyword not matching when SYN|ACK and ACK missing
  • Bug #1246: EVE output Unix domain socket not working
  • Bug #1272: Segfault in libhtp 0.5.15
  • Bug #1298: Filestore keyword parsing issue
  • Bug #1303: improve stream ‘bad window update’ detection
  • Bug #1304: improve stream handling of bad SACK values
  • Bug #1305: fix tcp session reuse for ssh/ssl sessions
  • Bug #1307: byte_extract, within combination not working
  • Bug #1326: pcre pkt/flowvar capture broken for non-relative matches
  • Bug #1329: Invalid rule being processed and loaded
  • Bug #1330: Flow memuse bookkeeping error (2.0.x)

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Jason Ish — Endace/Emulex
  • Ken Steele — Tilera
  • lessyv
  • Tom DeCanio — FireEye
  • Andreas Herz
  • Matt Carothers
  • Duane Howard
  • Edward Fjellskål
  • Giuseppe Longo

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 2.0 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.0. This release is a major improvement over the previous releases with regard to performance, scalability and accuracy. Also, a number of great features have been added.

The biggest new features of this release are the addition of “Eve”, our all JSON output for events: alerts, HTTP, DNS, SSH, TLS and (extracted) files; much improved VLAN handling; a detectionless ‘NSM’ runmode; much improved CUDA performance.

The Eve log allows for easy 3rd party integration. It has been created with Logstash in mind specifically and we have a quick setup guide here: Logstash_Kibana_and_Suricata_JSON_output

kibana300 kibana300map

Download

Get the new release here: https://www.openinfosecfoundation.org/download/suricata-2.0.tar.gz

Notable new features, improvements and changes

  • Eve log, all JSON event output for alerts, HTTP, DNS, SSH, TLS and files. Written by Tom Decanio of nPulse Technologies
  • NSM runmode, where detection engine is disabled. Development supported by nPulse Technologies
  • Various scalability improvements, clean ups and fixes by Ken Steel of Tilera
  • Add –set commandline option to override any YAML option, by Jason Ish of Emulex
  • Several fixes and improvements of AF_PACKET and PF_RING
  • ICMPv6 handling improvements by Jason Ish of Emulex
  • Alerting over PCIe bus (Tilera only), by Ken Steel of Tilera
  • Feature #792: DNS parser, logger and keyword support, funded by Emerging Threats
  • Feature #234: add option disable/enable individual app layer protocol inspection modules
  • Feature #417: ip fragmentation time out feature in yaml
  • Feature #1009: Yaml file inclusion support
  • Feature #478: XFF (X-Forwarded-For) support in Unified2
  • Feature #602: availability for http.log output – identical to apache log format
  • Feature #813: VLAN flow support
  • Feature #901: VLAN defrag support
  • Features #814, #953, #1102: QinQ VLAN handling
  • Feature #751: Add invalid packet counter
  • Feature #944: detect nic offloading
  • Feature #956: Implement IPv6 reject
  • Feature #775: libhtp 0.5.x support
  • Feature #470: Deflate support for HTTP response bodies
  • Feature #593: Lua flow vars and flow ints support
  • Feature #983: Provide rule support for specifying icmpv4 and icmpv6
  • Feature #1008: Optionally have http_uri buffer start with uri path for use in proxied environments
  • Feature #1032: profiling: per keyword stats
  • Feature #878: add storage api

Upgrading

The configuration file has evolved but backward compatibility is provided. We thus encourage you to update your suricata configuration file. Upgrade guidance is provided here: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Upgrading_Suricata_14_to_Suricata_20

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Tom DeCanio, nPulse
  • Ken Steele, Tilera
  • Jason Ish, Endace / Emulex
  • Duarte Silva
  • Giuseppe Longo
  • Ignacio Sanchez
  • Florian Westphal
  • Nelson Escobar, Myricom
  • Christian Kreibich, Lastline
  • Phil Schroeder, Emerging Threats
  • Luca Deri & Alfredo Cardigliano, ntop
  • Will Metcalf, Emerging Threats
  • Ivan Ristic, Qualys
  • Chris Wakelin
  • Francis Trudeau, Emerging Threats
  • Rmkml
  • Laszlo Madarassy
  • Alessandro Guido
  • Amin Latifi
  • Darrell Enns
  • Paolo Dangeli
  • Victor Serbu
  • Jack Flemming
  • Mark Ashley
  • Marc-Andre Heroux
  • Alessandro Guido
  • Petr Chmelar
  • Coverity

Known issues & missing features

If you encounter issues, please let us know!  As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 2.0beta2 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.0beta2.  This big update is the second beta release for the upcoming 2.0 version.

Some notable improvements are:

– This release overhauls the protocol detection feature. It now considers both sides of connection, and will raise events on mismatches.
– DNS parser and logger was much improved.
– Tilera support was greatly improved.
– Lots of performance and code quality improvements.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0beta2.tar.gz

New features

  • Feature #234: add option disable/enable individual app layer protocol inspection modules
  • Feature #417: ip fragmentation time out feature in yaml
  • Feature #478: XFF (X-Forwarded-For) support in Unified2
  • Feature #602: availability for http.log output – identical to apache log format
  • Feature #751: Add invalid packet counter
  • Feature #813: VLAN flow support
  • Feature #901: VLAN defrag support
  • Feature #878: add storage api
  • Feature #944: detect nic offloading
  • Feature #956: Implement IPv6 reject
  • Feature #983: Provide rule support for specifying icmpv4 and icmpv6
  • Feature #1008: Optionally have http_uri buffer start with uri path for use in proxied environments
  • Feature #1009: Yaml file inclusion support
  • Feature #1032: profiling: per keyword stats

Improvements and Fixes

  • Bug #463: Suricata not fire on http reply detect if request are not http
  • Feature #986: set htp request and response size limits
  • Bug #895: response: rst packet bug
  • Feature #940: randomize http body chunks sizes
  • Feature #904: store tx id when generating an alert
  • Feature #752: Improve checksum detection algorithm
  • Feature #746: Decoding API modification
  • Optimization #1018: clean up counters api
  • Bug #907: icmp_seq and icmp_id keywords broken with icmpv6 traffic
  • Bug #967: threshold rule clobbers suppress rules
  • Bug #968: unified2 not logging tagged packets
  • Bug #995: tag keyword: tagging sessions per time is broken

Many more issues were fixed, please see: https://redmine.openinfosecfoundation.org/versions/51

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Ken Steele — Tilera
  • Jason Ish — Endace/Emulex
  • Duarte Silva
  • Giuseppe Longo
  • Ignacio Sanchez
  • Nelson Escobar — Myricom
  • Chris Wakelin
  • Emerging Threats
  • Coverity
  • Alessandro Guido
  • Amin Latifi
  • Darrell Enns
  • Ignacio Sanchez
  • Mark Ashley
  • Paolo Dangeli
  • rmkml
  • Will Metcalf

Known issues & missing features

In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know!

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 2.0beta1 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.0beta1. This is the first beta release for the upcoming 2.0 version.

This release greatly improved our HTTP handling by upgrading libhtp support to 0.5.5 and by redesigning transaction handling, which increases HTTP performance as well[1]. On the performance side, a large CUDA overhaul greatly improves our GPU performance[2]. Also new in this release is a DNS parser, logger and detection support.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0beta1.tar.gz

[1] http://www.poona.me/2013/05/suricata-transaction-engine-re-designed.html#performance
[2] http://www.poona.me/2013/06/suricata-cuda-engine-re-designed.html#performance

New features

  • Luajit flow vars and flow ints support (#593)
  • DNS parser, logger and keyword support (#792), funded by Emerging Threats
  • deflate support for HTTP response bodies (#470, #775)

Improvements

  • update to libhtp 0.5 (#775)
  • improved gzip support for HTTP response bodies (#470, #775)
  • redesigned transaction handling, improving both accuracy and performance (#753)
  • redesigned CUDA support (#729)
  • Be sure to always apply verdict to NFQ packet (#769)
  • stream engine: SACK allocs should adhere to memcap (#794)
  • stream: deal with multiple different SYN/ACK’s better (#796)
  • stream: Randomize stream chunk size for raw stream inspection (#804)
  • Introduce per stream thread ssn pool (#519)
  • “pass” IP-only rules should bypass detection engine after matching (#718)
  • Generate error if bpf is used in IPS mode (#777)
  • Add support for batch verdicts in NFQ, thanks to Florian Westphal
  • Update Doxygen config, thanks to Phil Schroeder
  • Improve libnss detection, thanks to Christian Kreibich

Fixes

  • Fix a FP on rules looking for port 0 and fragments (#847), thanks to Rmkml
  • OS X unix socket build fixed (#830)
  • bytetest, bytejump and byteextract negative offset failure (#827)
  • Fix fast.log formatting issues (#771), thanks to Rmkml
  • Invalidate negative depth (#774), thanks to Rmkml
  • Fixed accuracy issues with relative pcre matching (#791)
  • Fix deadlock in flowvar capture code (#802)
  • Improved accuracy of file_data keyword (#817)
  • Fix af-packet ips mode rule processing bug (#819), thanks to Laszlo Madarassy
  • stream: fix injecting pseudo packet too soon leading to FP (#883), thanks to Francis Trudeau

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Rmkml
  • Laszlo Madarassy
  • Ken Steele, Tilera
  • Florian Westphal
  • Christian Kreibich
  • Francis Trudeau
  • Phil Schroeder
  • Ivan Ristic
  • Emerging Threats
  • Coverity

Known issues & missing features

In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know!

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 1.4rc1 Available!

Photo by Eric LeblondThe OISF development team is proud to announce Suricata 1.4rc1, the first (and hopefully only) release candidate for the upcoming 1.4 version.

This release adds two major new features: a unix socket command mode, allowing for easy processing of large numbers of pcap files, and IP reputation. Both features are considered experimental.

Get the new release here: suricata-1.4rc1.tar.gz

New features

  • Interactive unix socket mode (#571, #552)
  • IP Reputation: loading and matching (#647)
  • Improved –list-keywords commandline option gives detailed info for supported keyword, including doc link (#435)

Improvements

  • Rule analyzer improvement wrt ipv4/ipv6, invalid rules (#494)
  • User-Agent added to file log and filestore meta files (#629)
  • Endace DAG supports live stats and at exit drop stats (#638)
  • Add support for libhtp event “request port doesn’t match tcp port” (#650)

Fixes

  • Rules with negated addresses will not be considered IP-only (#599)
  • Rule reloads complete much faster in low traffic conditions (#526)
  • Suricata -h now displays all available options (#419)
  • Luajit configure time detection was improved (#636)
  • Flow manager mutex used w/o initialization (#628)
  • Cygwin work around for windows shell mangling interface string (#372)
  • Fix a Prelude output crash with alerts generated by rules w/o classtype or msg (#648)
  • CLANG compiler build fixes (#649)
  • Several fixes found by code analyzers

Credits

We’d like to thank the following people and corporations for their contributions and feedback:

  • Jason Ish — Endace
  • Ludovico Cavedon — Lastline
  • Last G

Known issues & missing features

This is a “release candidate”-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know!

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.