Suricata v0.8.1 released

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.


New features:

  • the engine now detects the number of CPUs/cores and sets itself up to use them fully
  • libhtp is now included in the source
  • experimental CUDA support for NVIDIA GPU accelerated pattern matching
  • initial support for Win32 (using mingw) was added
  • FreeBSD/Mac OS X IPFW inline support was added
  • many options in the configuration file for performance tuning
  • VLAN decoding support was added
  • Prelude output support

Major issues fixed & improvements made:

  • threading issues in the unified1 and unified2 logging modules
  • major stream engine issues were solved
  • uricontent and urilen inspection are now done against the libhtp-parsed URI
  • IP-only signature detection fixes in inline mode
  • added the /P (HTTP request body) modifier to the pcre keyword
  • many SMB, SMB2 and DCERPC improvements
  • logging is more configurable
  • BPF filter support was added for the pcap and pfring capture modes
  • many bugs were fixed, cleanups were made

Known issues:

  • Some signatures fail to load because of missing keywords or keyword options
  • We have identified some serious performance issues with certain signatures and traffic combinations
  • Although we improved big endian support, there are still some issues
  • CUDA code is expected to work only on 32-bit and probably doesn't speed things up yet, as a further redesign is needed to fully benefit from it

Post scriptum

Compliance Mandates

  • IDS :

    PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1) 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5
