We are proud to announce that the first beta release of the upcoming Suricata 4.1 is ready for testing. This release is brought to you by the OISF development team with the help of 25 community contributors.
We invite everyone to test this release and report your experiences to us.
Main feature additions
- SMBv1/2/3 parsing, logging, file extraction
- AF_PACKET XDP and eBPF support for high speed packet capture
- JA3 TLS client fingerprinting
- HTTP: handle sessions that only have a response, or start with a response
- Windows: MinGW is now supported
- File extraction v2: deduplication; hash-based naming; JSON metadata and cleanup tooling
- Eve metadata: from rules (metadata keyword) and traffic (flowbits, etc.)
- Pcap directory mode: process all pcaps in a directory
- Detect: transformation support
- Eve: new more compact DNS record format
- TFTP: basic logging
- HTTP Flash file decompression support
- All tickets: https://redmine.openinfosecfoundation.org/versions/105
Giuseppe Longo, Mats Klepsland, Pierre Chifflier, Ralph Broenink, Wolfgang Hotwagner, Danny Browning, Pascal Delalande, Jesper Dangaard Brouer, Maurizio Abba, Alexander Gozman, Antoine LUONG, David DIALLO, Martin Natano, Ruslan Usmanov, Alfredo Cardigliano, Antti Tönkyrä, Brandon Sterne, Clément Galland, Dana Helwig, Daniel Humphries, Gaurav Singh, Nick Price, Philippe Antoine, Thomas Andrejak, Jason Taylor
Come meet the Suricata community and development team to discuss all things Suricata at the fourth edition of the annual Suricata Conference. SuriCon 2018 will be held in November in Vancouver, Canada: https://suricon.net
Our call for presentations is still open, so please submit your ideas!
Also, we’re still looking for sponsors for the event.
Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.