[Oisf-devel] Suricata 2.1beta2 Available!

rmkml rmkml at yahoo.fr
Thu Nov 6 21:17:14 UTC 2014


Congrats Victor and Suricata team,

On another I[DP]S engine (snort), SMTP attachment decoding needs the "file_data" keyword, but not on Suricata, I think.

Could you modify the parser to enable file_data with flow:to_server / from_client, please?
(if not, these sigs are disabled on Suricata)

Do you have "smtp-log" planned on the Suricata roadmap, please?
(like http-log)

Best Regards
@Rmkml


On Thu, 6 Nov 2014, Victor Julien wrote:

> The OISF development team is proud to announce Suricata 2.1beta2. This
> is the second beta release for the upcoming 2.1 version. It should be
> considered a development snapshot for the 2.1 branch.
>
> Get the new release here:
> http://www.openinfosecfoundation.org/download/suricata-2.1beta2.tar.gz
>
> New features
>
> Feature #549: Extract file attachments from emails
> Feature #1312: Lua output support
> Feature #899: MPLS over Ethernet support
> Feature #383: Stream logging
>
> Improvements
>
> Feature #1263: Lua: Access to Stream Payloads
> Feature #1264: Lua: access to TCP quad / Flow Tuple
> Feature #707: ip reputation files - network range inclusion availability (cidr)
>
> Bug fixes
>
> Bug #1048: PF_RING/DNA config - suricata.yaml
> Bug #1230: byte_extract, within combination not working
> Bug #1257: Flow switch is missing from the eve-log section in suricata.yaml
> Bug #1259: AF_PACKET IPS is broken in 2.1beta1
> Bug #1260: flow logging at shutdown broken
> Bug #1279: BUG: NULL pointer dereference when suricata was debug mode.
> Bug #1280: BUG: IPv6 address vars issue
> Bug #1285: Lua - http.request_line not working (2.1)
> Bug #1287: Lua Output has dependency on eve-log:http
> Bug #1288: Filestore keyword in wrong place will cause entire rule not to trigger
> Bug #1294: Configure doesn't use --with-libpcap-libraries when testing PF_RING library
> Bug #1301: suricata yaml - PF_RING load balance per hash option
> Bug #1308: http_header keyword not matching when SYN|ACK and ACK missing (master)
> Bug #1311: EVE output Unix domain socket not working (2.1)
>
>
> Special thanks
>
> We'd like to thank the following people and corporations for their
> contributions and feedback:
>
> - Tom Decanio -- FireEye
> - Ken Steele -- Tilera
> - Giuseppe Longo -- Emerging Threats & Ntop
> - David Abarbanel -- BAE Systems
> - Jason Ish -- Endace/Emulex
> - Mats Klepsland
> - Duarte Silva
> - Bill Meeks
> - Anoop Saldanha
> - lessyv
>
>
> Known issues & missing features
>
> In a beta release like this things may not be as polished yet. So please
> handle with care. That said, if you encounter issues, please let us
> know! As always, we are doing our best to make you aware of continuing
> development and items within the engine that are not yet complete or
> optimal.  With this in mind, please notice the list we have included of
> known items we are working on.
>
> See http://redmine.openinfosecfoundation.org/projects/suricata/issues
> for an up to date list and to report new issues. See
> http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
> for a discussion and time line for the major issues.
>
> About Suricata
>
> Suricata is a high performance Network IDS, IPS and Network Security
> Monitoring engine. Open Source and owned by a community run non-profit
> foundation, the Open Information Security Foundation (OISF). Suricata is
> developed by the OISF, its supporting vendors and the community.
>
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------


