We are very pleased to announce that nPulse has moved to Platinum Consortium Member status of the Open Information Security Foundation (OISF).
nPulse Technologies, Inc. takes the pulse of the world’s fastest networks. For customers with extremely big pipes of 10Gbps or more, who run intelligence-driven security and network operations, nPulse solutions are open, standards-based collection platforms that integrate ultrafast flow and packet capture probes with big data analytics. Unlike traditional packet capture solutions which are proprietary, expensive, and unable to scale to today’s network core speeds, nPulse platforms capture 100% of network traffic at 20 Gbps and utilize a Big Data analytics approach to significantly reduce the time, effort, and resources required to produce actionable intelligence. For more information, visit www.npulsetech.com.
This is release has significant improvements to the packet acquisition. The Napatech capture card support has been updated by our supporter Npulse. The Pcap, PF_RING and AF_PACKET capture methods now feature live drop stats.
Get the new release here: suricata-1.4beta3.tar.gz
- support for Napatech cards through their 3rd generation driver was added by Matt Keeler from Npulse (#430, #619)
- support for pkt_data keyword was added
- user and group to run as can now be set in the config file
- make HTTP request and response body inspection sizes configurable per HTTP server config (#560)
- PCAP/AF_PACKET/PF_RING packet stats are now printed in stats.log (#561, #625)
- add stream event to match on overlaps with different data in stream reassembly (#603)
- add contrib directory to the dist (#567)
- performance improvements to signatures with dsize option
- improved rule analyzer: print fast_pattern along with the rule (#558)
- fixes to stream engine reducing the number of events generated (#604)
- stream.inline option new defaults to “auto”, meaning enabled in IPS mode, disabled in IDS mode (#592)
- HTTP handling in OOM condition was greatly improved (#557)
- filemagic keyword performance was improved (#585)
- updated bundled libhtp to 0.2.11
- build system improvements and cleanups
- fixes and improvements to daemon mode (#624)
- fix drop rules not working correctly when thresholded (#613)
- fixed a possible FP when a regular and “chopped” fast_pattern were the same (#581)
- fix a false possitive condition in http_header (#607)
- fix inaccuracy in byte_jump keyword when using “from_beginning” option (#627)
- fixes to rule profiling (#576)
- cleanups and misc fixes (#379, #395)
- fix to SSL record parsing
We’d like to thank the following people and corporations for their contributions and feedback:
- Matt Keeler – Npulse
- Chris Wakelin
- Will Metcalf
- Ivan Ristic
- Kyle Creyts
- Michael Hoffrath
Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.