Suricata v0.8.2 released

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

PNG - 11 kb

New features

  • Support for the following keywords: detection_filter, http_client_body
  • The HTTP parser can now set server personalities
  • threshold.config support
  • The experimental CUDA code now also works on x86_64
  • IP address only rules for IPv6 are now supported as well
  • Suricata can now write a pid file (pass —pidfile )
  • A fuzzer script was added to the code base
  • Policy lookup for defrag module

Improvements

  • Much better average and worstcase performance in the detection engine
  • More validation at signature loading stage
  • Libnet 1.1 is now optional
  • Negated uricontent and http_cookie matching is now supported
  • Lots of fixes of issues found by Valgrind’s DRD, CLANG and Parfait.
  • Threads are named now in "top" (Linux only atm).
  • Unified1 file handling is improved

Bugs fixed

Many :)
Several segmentation faults, upgrading is highly recommended.

Post scriptum

Compliance Mandates

  • IDS :

    PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1) 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2,
    10.10.1, 10.10.2, 10.10.4, 15.1.5


Comments

Related Articles

IDS
Suricata