Suricata 3.2beta1 ready for testing

Posted on | by inliniac

We’re happy to announce Suricata 3.2beta1. The plan is to release a release candidate within a few weeks, so please help us test this release!

This release includes a large detection engine rewrite that should make it much easier to extend Suricata with new keywords.

We’ve also converted the user guide to sphinx. Lots of work still to be done, but for a preview check http://suricata.readthedocs.io/en/latest/

Get the release here:

https://www.openinfosecfoundation.org/download/suricata-3.2beta1.tar.gz

High level changes

  • Feature #509: add SHA1 and SHA256 checksum support for files
  • Feature #1231: ssl_state negation support
  • Feature #1345: disable NIC offloading by default
  • Feature #1373: Allow different reassembly depth for filestore rules
  • Feature #1495: EtherNet/IP and CIP support
  • Feature #1583: tls: validity fields (notBefore and notAfter)
  • Feature #1657: Per application layer stats
  • Feature #1896: Reimplement tls.subject and tls.isserdn
  • Feature #1903: tls: tls_cert_valid and tls_cert_expired keywords
  • Feature #1907: http_request_line and http_response_line

Special thanks

Stamus Networks, NorCert, Solana Networks, CoverityScan
Mats Klepsland, Giuseppe Longo, Duarte Silva, Tom Decanio, Kevin Wong

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

SuriCon 2.0

dcJoin us in Washington, D.C. November 9-11 for the 2nd Suricata User Conference. Agenda and speakers are now available, including keynote speakers Ron Gula and Liam Randall. Please see: http://suricon.net/

Training & Support

Need help installing, updating, validating, tuning and extending Suricata? We have a training session coming up at SuriCon: November 7 & 8 in Washington, D.C.: see http://suricata-ids.org/training/ Conference attendees get a 20% discount!

For support options also see http://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.