Update Suricata v1.3.

Release Notes v1.3, 6 July 2012: This release adds a TLS/SSL handshake parser, an HTTP user agent keyword, experimental rule reloading support, AF_PACKET BPF support and packet loss counters, Napatech hardware support, a configuration test mode, a rule analyzer, and on-the-fly MD5 calculation and matching for files. Performance and scalability have been improved.

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It is capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Major new features:

  • TLS/SSL handshake parser and rule keywords for detecting anomalies in TLS/SSL traffic
  • HTTP user agent keyword for matching directly on the User-Agent header
  • On-the-fly MD5 calculation and matching for files in HTTP streams

New features:
– TLS/SSL handshake parser, tls.subjectdn and tls.issuerdn keywords (#296, contributed by Pierre Chifflier)
– http_user_agent keyword for matching on the HTTP User-Agent header
– experimental live rule reload by sending a USR2 signal (#279)
– AF_PACKET BPF support (#449)
– AF_PACKET live packet loss counters (#441)
– Ringbuffer and zero copy support for AF_PACKET
– add pcap workers runmode for use with libpcap wrappers that support load balancing, such as Napatech’s or Myricom’s
– Napatech capture card support (contributed by Randy Caldejon — nPulse)
– Test mode: -T option to test the config (#271)
– Rule analyzer (#349)
– On the fly md5 checksum calculation of extracted files
– File extraction for HTTP POST requests that do not use multipart bodies
– Scripts for looking up files / file MD5s at VirusTotal and others (contributed by Martin Holste)
– Experimental support for matching on large lists of known file MD5 checksums
– negated filemd5 matching, allowing for md5 whitelisting
– Line based file log, in json format
– New multi pattern engine: ac-bs
– Basic support for including other yaml files into the main yaml
– Commandline options to list supported app layer protocols and keywords (#344, #414)
– Profiling improvements, added lock profiling code
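The on-the-fly MD5 calculation, large-list MD5 matching and negated (whitelist) matching listed above are modelled here in a small added Python example; it is not Suricata's own code, and the one-checksum-per-line list format, the function names and the sample files are assumptions made for the illustration.

```python
import hashlib
from typing import Iterable, Set


def load_md5_list(text: str) -> Set[str]:
    """Parse a checksum list (assumed format: one hex MD5 per line).
    Blank lines and '#' comments are skipped; hashes are normalised to lowercase."""
    md5s = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5s.add(line.split()[0].lower())
    return md5s


class StreamMd5:
    """Incremental MD5 of a file whose bytes arrive in packet-sized chunks,
    so the checksum is ready as soon as the transfer ends, without storing the file."""

    def __init__(self) -> None:
        self._h = hashlib.md5()
        self.size = 0

    def feed(self, chunk: bytes) -> None:
        self._h.update(chunk)
        self.size += len(chunk)

    def hexdigest(self) -> str:
        return self._h.hexdigest()


def filemd5_matches(chunks: Iterable[bytes], md5_list: Set[str], negated: bool = False) -> bool:
    """Evaluate a filemd5-style condition over a complete file transfer.
    negated=False: match when the hash IS in the list (blacklist of known-bad files).
    negated=True:  match when the hash is NOT in the list (whitelist of approved files)."""
    hasher = StreamMd5()
    for chunk in chunks:
        hasher.feed(chunk)
    in_list = hasher.hexdigest() in md5_list
    return not in_list if negated else in_list


# Constructed sample data: two "transferred files" and a whitelist containing only the first.
KNOWN_FILE = b"benign installer payload, constructed sample\n" * 3
UNKNOWN_FILE = b"some other file content, constructed sample\n"
KNOWN_MD5 = hashlib.md5(KNOWN_FILE).hexdigest()
WHITELIST = load_md5_list("# approved files (constructed list)\n" + KNOWN_MD5 + "\n")


def chunked(data: bytes, n: int = 16):
    """Split a file into fixed-size chunks, standing in for per-packet delivery."""
    return (data[i:i + n] for i in range(0, len(data), n))
```

With a negated whitelist, the known file produces no match while the unknown file does; the same list used un-negated behaves as a blacklist.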

Download: suricata-1.3.tar.gz
Read more here: http://www.openinfosecfoundation.org/