Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation (OISF) and its supporting vendors. The engine is multithreaded and has built-in IPv6 support. It can load existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
What is new in Suricata 1.0:
1. Support for the tag keyword was added;
2. DCERPC over UDP is supported;
3. Duplicate signatures are detected;
4. CUDA support and URI content inspection were improved;
5. Stability and performance were improved.
Download link for 1.0: http://www.openinfosecfoundation.org/download/suricata-1.0.0.tar.gz
The OISF development team is proud to announce Suricata 1.0.0, the first stable release of Suricata, the Open Source Intrusion
Detection and Prevention engine.
New features
- Support for the tag keyword was added.
- Support for DCERPC over UDP was added.
Improvements
- CUDA was fixed and its performance was improved a lot.
- Fixed short HTTP sessions sometimes not being parsed properly.
- Duplicate signatures are now detected, the signature with the highest revision is used.
- Uricontent inspection was improved.
- alert debuglog now also prints flow information, including flowbits.
- Pattern searching was improved in general and especially for DCE traffic.
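The duplicate-signature behaviour listed above (the signature with the highest rev is kept, the others are dropped) is worth checking for before a ruleset is loaded, since a silently discarded lower-rev rule may be the one an operator expected to fire. The script below is an added example written for this page, not Suricata's own code: it parses a small constructed ruleset (including a rule that uses the new tag keyword and uricontent), keys rules on sid, and keeps the highest rev the way the release notes describe. Keying on sid alone, treating a missing rev as rev 0, and keeping the first rule on a rev tie are assumptions of this example; the announcement does not say how the engine handles those cases.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample ruleset for this example (not shipped with Suricata).
# sid 1000001 appears twice with different revs, which is the duplicate case
# the 1.0 release notes say is resolved by keeping the highest rev.
SAMPLE_RULES = """\
# comment lines are skipped
alert tcp any any -> any 80 (msg:"LOGIN page request"; flow:to_server,established; uricontent:"/login"; nocase; classtype:web-application-activity; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"LOGIN page request, tag session"; flow:to_server,established; uricontent:"/login"; nocase; tag:session,30,seconds; classtype:web-application-activity; sid:1000001; rev:2;)
alert udp any any -> any 135 (msg:"UDP to endpoint mapper port"; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"admin path, no rev keyword"; uricontent:"/admin"; nocase; sid:1000003;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")


def parse_rules(text: str) -> List[Tuple[int, int, str]]:
    """Return (sid, rev, rule_text) for every non-empty, non-comment line.

    A rule with no rev keyword is treated as rev 0 (assumption for this
    example). A rule with no sid is an error, since sid is what duplicates
    are keyed on here.
    """
    parsed: List[Tuple[int, int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sid_match = SID_RE.search(line)
        if not sid_match:
            raise ValueError(f"line {lineno}: rule has no sid keyword")
        rev_match = REV_RE.search(line)
        rev = int(rev_match.group(1)) if rev_match else 0
        parsed.append((int(sid_match.group(1)), rev, line))
    return parsed


def dedup_by_highest_rev(rules: List[Tuple[int, int, str]]):
    """Keep one rule per sid, preferring the highest rev.

    On a rev tie the first rule seen is kept (assumption for this example).
    Returns (kept, dropped): kept maps sid -> (rev, rule_text); dropped is
    the list of (sid, rev, rule_text) entries that lost to a higher rev.
    """
    kept: Dict[int, Tuple[int, str]] = {}
    dropped: List[Tuple[int, int, str]] = []
    for sid, rev, line in rules:
        if sid not in kept:
            kept[sid] = (rev, line)
        elif rev > kept[sid][0]:
            dropped.append((sid, kept[sid][0], kept[sid][1]))
            kept[sid] = (rev, line)
        else:
            dropped.append((sid, rev, line))
    return kept, dropped


def find_duplicate_sids(text: str) -> List[int]:
    """Pre-flight check: sids that occur more than once in the ruleset."""
    _, dropped = dedup_by_highest_rev(parse_rules(text))
    return sorted({sid for sid, _, _ in dropped})


if __name__ == "__main__":
    kept, dropped = dedup_by_highest_rev(parse_rules(SAMPLE_RULES))
    for sid, rev, line in dropped:
        print(f"would be dropped: sid {sid} rev {rev}: {line[:60]}...")
    for sid, (rev, _) in sorted(kept.items()):
        print(f"loaded: sid {sid} rev {rev}")
```

Run it against a real rules directory by reading each .rules file into `find_duplicate_sids`; a non-empty result means the engine will quietly discard a rule, and the rev numbers in `dropped` tell you which copy.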