Suricata v0.9 RC1 released

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

PNG - 11 kb

Version 0.9 RC1

New Features

  • Support for the http_headers keyword was added
  • libhtp was updated to version 0.2.3
  • Privilege dropping using libcap-ng is now supported
  • Proper support for "pass" rules was added
  • Inline mode for Windows was added

Improvements

  • A regression in the detection engine causing false negatives was fixed
  • Many accuracy and stability improvements have been made

Known Issues & Missing Features

The OISF has made significant progress towards reaching the first full (non-beta) release of Suricata. Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete. With this in mind, please notice the list we have included of known items currently being addressed.

  • Using the http_cookie keyword seems to cause a match on all packets.
  • Currently we don’t support the dce option for byte_test and byte_jump.
  • Stream reassembly is currently only performed for app-layer code.
  • Inconsistent time stamps in http log file due to handling & updating of the http state.
  • DCE/RPC over udp is not currently supported.
  • dce_stub_data does not respect relative modifiers.
  • Engine does not work properly on big endian platforms.
  • Time based stats are not calculated correctly.

Post scriptum

Compliance Mandates

  • IDS :

    PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1) 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2,
    10.10.1, 10.10.2, 10.10.4, 15.1.5


Related Articles

IDS
Suricata