Security Dashboard
Security vDNA
Saturday 1 May 2010 - 831 read - ( Keywords : IDS , Suricata )
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
New features
Support for the following keywords: detection_filter, http_client_body
The HTTP parser can now set server personalities
threshold.config support
The experimental CUDA code now also works on x86_64
IP address only rules for IPv6 are now supported as well
Suricata can now write a pid file (pass —pidfile )
A fuzzer script was added to the code base
Policy lookup for defrag module
Improvements
Much better average and worstcase performance in the detection engine
More validation at signature loading stage
Libnet 1.1 is now optional
Negated uricontent and http_cookie matching is now supported
Lots of fixes of issues found by Valgrind’s DRD, CLANG and Parfait.
Threads are named now in "top" (Linux only atm).
Unified1 file handling is improved
Bugs fixed
Many :) Several segmentation faults, upgrading is highly recommended.
POSTSCRIPTUM
COMPLIANCE MANDATES
IDS : PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1) 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2,
10.10.1, 10.10.2, 10.10.4, 15.1.5
RELATED ARTICLES
IDS,
Suricata,
12 May 2010 : Suricata v0.9 RC1 released1 May 2010 : Suricata v0.8.2 released12 April 2010 : Suricata v0.8.1 released14 January 2010 : Suricata Next Generation IDS release 0.8.0 available
