Tag Archive | redis

Suricata 4.0.1 available!


We are pleased to announce Suricata 4.0.1. This is a regular bug fix release fixing various issues. Also added is much improved Napatech support.

Changes

  • Feature #2114: Redis output: add RPUSH support
  • Feature #2152: Packet and Drop Counters for Napatech
  • Bug #2050: TLS rule mixes up server and client certificates
  • Bug #2064: Rules with dual classtype do not error
  • Bug #2074: detect msg: memory leak
  • Bug #2102: Rules with dual sid do not error
  • Bug #2103: Rules with dual rev do not error
  • Bug #2151: The documentation does not reflect current suricata.yaml regarding cpu-affinity
  • Bug #2194: rust/nfs: sigabrt/rust panic – 4.0.0-dev (rev fc22943)
  • Bug #2197: rust build with lua enabled fails on x86
  • Bug #2201: af_packet: suricata leaks memory with use-mmap enabled and incorrect BPF filter
  • Bug #2207: DNS UDP “Response” parsing recording an incorrect value
  • Bug #2208: mis-structured JSON stats output if interface name is shortened
  • Bug #2226: improve error message if stream memcaps too low
  • Bug #2228: enforcing specific number of threads with autofp does not seem to work
  • Bug #2244: detect state uses broken offset logic (4.0.x)

Download

https://www.openinfosecfoundation.org/download/suricata-4.0.1.tar.gz

Special thanks

Qidu Sy, Phil Young – Napatech, Mats Klepsland, Sascha Steinbiss, Alexander Gozman, Derek Kingsbury, Julian Wecke, Pierre Chifflier, Jason Taylor

Trainings

Conference attendees get a 20% discount!

SuriCon 2017

Less than one month to SuriCon 2017! Come meet the Suricata community and development team to discuss all things Suricata at the third edition of the annual Suricata Conference. SuriCon 2017 will be next month in Prague: https://suricon.net

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.2.4 available!


We are pleased to announce Suricata 3.2.4. This is a security update fixing important issues. Additionally, it fixes various minor issues.

Changes

  • Bug #2241: smb dcerpc segfaults in StubDataParser (3.2.x)
  • Bug #2231: Redundant content checks may cause Suricata DoS condition on an insignificant traffic rate
  • Bug #2214: detect state uses broken offset logic
  • Bug #2234: TLS rule mixes up server and client certificates (3.2.x)
  • Bug #2235: DNS UDP “Response” parsing recording an incorrect timestamp (3.2.x)
  • Bug #2236: af_packet: suricata leaks memory with use-mmap enabled and incorrect BPF filter (3.2.x)
  • Bug #2237: Redis output: add RPUSH support (3.2.x)
  • Bug #2238: detect duplicate ‘meta’ keywords (3.2.x)
  • Bug #2239: documentation does not reflect current suricata.yaml regarding cpu-affinity (3.2.x)
  • Bug #2242: improve error message if stream memcap too low (3.2.x)
  • Bug #2243: enforcing specific number of threads with autofp does not seem to work (3.2.x)

Download

https://www.openinfosecfoundation.org/download/suricata-3.2.4.tar.gz

End of life announcement

The 3.2 branch will be end-of-life in 2 months, so on December 18. After this it will receive no more updates of any kind, so please plan for your upgrade to Suricata 4.0+ before that date.

https://suricata-ids.org/about/eol-policy/

Special thanks

Jack Covington, Kirill Shipulin – Positive Technologies, Qidu Sy, Mats Klepsland, Derek Kingsbury, Julian Wecke, Alexander Gozman, AFL project, Coverity Scan

Suricata 3.0RC1 Available!

Photo by Eric Leblond

We’re happy to announce Suricata 3.0RC1. This release replaces 2.1beta4 as the new development release. The plan is to release the stable within a few weeks, so please help us test this release!

Lots of improvements:

  • Multi-tenancy for detection
  • Big email logging update by Eric Leblond
  • Work on Lua and JSON output for various protocols by Mats Klepsland
  • Redis output support by Eric Leblond
  • JSON output for stats, rules profiling
  • Colorized output on the commandline
  • Support for the base64_decode and base64_data keywords by Jason Ish
  • TLS and DNS lua support
  • file_data support for SMTP by Giuseppe Longo
  • Support wild cards in rule loading by Alexander Gozman

Packet capture got a lot of love:

  • PF_RING optimizations by Alfredo Cardigliano
  • Netmap updates by Aleksey Katargin
  • AF_PACKET updated by Eric Leblond
  • DAG fixes by Stephen Donnelly

Other than that, lots of cleanups and optimizations:

  • stateful detection overhaul
  • stream engine updates

Get the release here:

http://www.openinfosecfoundation.org/download/suricata-3.0RC1.tar.gz

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Alexander Gozman
  • Mats Klepsland
  • Giuseppe Longo
  • Alfredo Cardigliano
  • Aleksey Katargin
  • Alessandro Guido
  • Antti Tönkyrä
  • Tom DeCanio
  • Aaron Campbell
  • DIALLO David
  • David Cannings
  • Helmut Schaa
  • Jeff Barber
  • Schnaffon
  • Torgeir Natvig
  • Zachary Rasmor
  • Alexandre Macabies
  • Stephen Donnelly

Known issues & missing features

In a development release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up-to-date list and to report new issues. See Known_issues for a discussion and timeline for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.