Tuesday, July 10, 2012

Suricata 1.3 IDS released

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors.

New features:
TLS/SSL handshake parser, tls.subjectdn and tls.issuerdn keywords (#296, contributed by Pierre Chifflier)
http_user_agent keyword for matching on the HTTP User-Agent header
experimental live rule reload by sending a USR2 signal (#279)
AF_PACKET BPF support (#449)
AF_PACKET live packet loss counters (#441)
Ringbuffer and zero copy support for AF_PACKET
add pcap workers runmode for use with libpcap wrappers that support load balancing, such as Napatech’s or Myricom’s
Napatech capture card support (contributed by Randy Caldejon – nPulse)
Test mode: -T option to test the config (#271)
Rule analyzer (#349)
On the fly MD5 checksum calculation of extracted files
File extraction for HTTP POST requests that do not use multipart bodies
Suricata scripts for looking up files / file MD5s at VirusTotal and others (contributed by Martin Holste)
Experimental support for matching on large lists of known file MD5 checksums
negated filemd5 matching, allowing for md5 whitelisting
Line based file log, in json format
New multi pattern engine: ac-bs
Basic support for including other yaml files into the main yaml
Command line options to list supported app layer protocols and keywords (#344, #414)
Profiling improvements, added lock profiling code
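The on-the-fly MD5 calculation, the matching against large lists of known file MD5s, the negated filemd5 match used for whitelisting, and the line-based JSON file log listed above fit together as one pipeline. The following is an added illustrative model of that pipeline written for this page; it is not Suricata's own code, and the list file, the field names in the JSON record and the function names are all assumptions. The only digest it relies on is MD5("abc").

```python
import hashlib
import json

# Constructed sample list in the shape of a filemd5 list file:
# one hex digest per line, '#' comments. The entry is MD5("abc").
KNOWN_MD5_LIST = """
# constructed sample, not real malware hashes
900150983cd24fb0d6963f7d28e17f72
"""


def load_md5_list(text):
    """Parse a hash list into a set for O(1) lookup; a malformed entry
    raises at load time rather than silently never matching."""
    known = set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if len(line) != 32 or any(c not in "0123456789abcdef" for c in line):
            raise ValueError(f"line {n}: not a hex MD5: {raw!r}")
        known.add(line)
    return known


def stream_md5(chunks):
    """MD5 updated as file data arrives chunk by chunk, so the whole
    file never has to be buffered before the digest is known."""
    h = hashlib.md5()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def whole_md5(data):
    """Reference digest over the complete file, for comparison."""
    return hashlib.md5(data).hexdigest()


def filemd5_match(digest, known, negated=False):
    """Model of filemd5:list (hit when the digest is listed) and of the
    negated form filemd5:!list (hit when it is NOT listed, i.e. the list
    acts as a whitelist and everything unknown is flagged)."""
    listed = digest.lower() in known
    return (not listed) if negated else listed


def inspect_file(filename, chunks, known, negated=False):
    """Hash one extracted file and build the record a line-based file
    log would carry (field names are assumptions for this example)."""
    digest = stream_md5(chunks)
    return {
        "filename": filename,
        "size": sum(len(c) for c in chunks),
        "md5": digest,
        "match": filemd5_match(digest, known, negated),
    }


def file_log_line(record):
    """One JSON object per line: easy to tail and to ship to a log pipeline."""
    return json.dumps(record, sort_keys=True)


def demo():
    """Blocklist hit on the listed file; whitelist miss on an unknown file."""
    known = load_md5_list(KNOWN_MD5_LIST)
    listed = inspect_file("a.bin", [b"a", b"bc"], known)
    unknown = inspect_file("b.bin", [b"hello", b" world"], known, negated=True)
    return listed, unknown


if __name__ == "__main__":
    for rec in demo():
        print(file_log_line(rec))
```

The negated form is the whitelisting case from the changelog: with `negated=True` a file whose digest is absent from the list produces a match, which is what a rule guarding a set of approved binaries wants. The strict parser in `load_md5_list` is a defender's safeguard: a large list with one corrupted line should fail loudly, not quietly shrink.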
Improvements:

Major rewrite of Suricata flow engine, improving scalability.
New default runmode: “autofp” (#433)
Improved scalability for Tag and Threshold subsystems
Support for PF_RING 5.4 added. Many thanks to Chris Wakelin (#459).
Improved Endace DAG support (#431, Jason Ish – Endace)
Split “file” output into “file-store” and “file-log” outputs
Much improved file extraction
Improvements to HTTP handling: multipart parsing, gzip decompression.
Improved performance for file_data, http_server_body and http_client_body keywords.
Improved HTTP CONNECT support in libhtp (#427, Brian Rectanus - Qualys)
http_cookie keyword now also inspects “Set-Cookie” header (#479)
http_raw_header keyword inspects original header line terminators (#475)
deal with double encoded URI (#464)
Improved http_stat_msg and http_stat_code keywords (#394)
Unified yaml naming convention, including fallback support (by Nikolay Denev)
Made the rule keyword parser much stricter in detecting syntax errors
Improved error reporting when using too long address strings (#451).
Rule parser is made more strict.
Byte_extract can support negative offsets now (#445).
HOME_NET and EXTERNAL_NET and the other vars are now checked for common errors (#454).
Unified2 output overhaul, logging individual segments in more cases.
signatures with depth and/or offset are now checked against packets in addition to the stream (#404)


Changes since 1.3rc1:
make live rule reloads optional and disabled by default
fix a shutdown bug
fix several memory leaks (#492)
Suricata will warn a user if it observes a global and rule thresholding conflict (#455)
set thread names on FreeBSD (Nikolay Denev)
Fix PF_RING building on Ubuntu 12.04
rule analyzer updates
file inspection improvements when dealing with limits (#493)
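The live rule reload via USR2 (experimental, and since 1.3rc1 optional and off by default), the stricter rule parser and the -T config test mode all revolve around one question: what happens to the running ruleset when a reload hits a bad rule? The following is an added example written for this page, not Suricata's code; it models the pattern a daemon should follow, parse the new set fully, then swap a single reference, and keep the old set untouched on any error. The rule syntax check is a toy stand-in, and `RuleStore`, `demo` and the file layout are assumptions.

```python
import os
import signal
import tempfile


class RuleStore:
    """Holds the active ruleset; a reload replaces it atomically or not at all."""

    def __init__(self, path):
        self.path = path
        self.rules = ()
        self.loads = 0
        self.failed_loads = 0
        self.load()

    @staticmethod
    def parse(text):
        """Toy strictness in the spirit of the 1.3 parser: every non-comment
        line must look like 'action proto ... (options;)' or the whole
        file is rejected, so a typo cannot leave a half-loaded set."""
        rules = []
        for n, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if "(" not in line or not line.endswith(";)"):
                raise ValueError(f"line {n}: syntax error: {raw!r}")
            rules.append(line)
        return tuple(rules)

    def load(self):
        """Parse first, swap second. On failure the previous rules stay active."""
        with open(self.path) as f:
            text = f.read()
        try:
            new_rules = self.parse(text)
        except ValueError:
            self.failed_loads += 1
            return False
        self.rules = new_rules      # single reference swap: no partial state
        self.loads += 1
        return True


def install_reload_handler(store):
    """Wire SIGUSR2 to a reload, the signal the changelog names for live reload."""
    signal.signal(signal.SIGUSR2, lambda signum, frame: store.load())


def trigger_reload():
    """Send USR2 to ourselves, as an operator would with kill -USR2 <pid>."""
    os.kill(os.getpid(), signal.SIGUSR2)


def write_rules(path, text):
    with open(path, "w") as f:
        f.write(text)


GOOD_V1 = 'alert tcp any any -> any any (msg:"constructed rule 1"; sid:1;)\n'
GOOD_V2 = GOOD_V1 + 'alert tcp any any -> any any (msg:"constructed rule 2"; sid:2;)\n'
BAD = GOOD_V2 + "alert tcp any any -> any any (msg:\"missing close\"; sid:3;\n"


def demo():
    """Good reload grows the set; a bad reload leaves it exactly as it was."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "constructed.rules")
        write_rules(path, GOOD_V1)
        store = RuleStore(path)
        install_reload_handler(store)
        write_rules(path, GOOD_V2)
        trigger_reload()
        after_good = len(store.rules)
        write_rules(path, BAD)
        trigger_reload()
        after_bad = len(store.rules)
        return {"after_good": after_good, "after_bad": after_bad,
                "loads": store.loads, "failed": store.failed_loads}


if __name__ == "__main__":
    print(demo())
```

This is also why running the config test (-T) before sending USR2 is cheap insurance, and why shipping the feature disabled by default is reasonable: a reload path that can leave the sensor with no rules, or with a mix of old and new, is worse than a restart.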


Download Suricata 1.3:
Suricata 1.3 - suricata-1.3.tar.gz


Visit Website -
http://www.openinfosecfoundation.org/
More Information -
http://en.wikipedia.org/wiki/Suricata_(software)
http://www.net-security.org/secworld.php?id=13213
Documentation -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki
