[Discussion] [Snort-users] Suricata IDS Available for Download!

Matt Jonkman jonkman at jonkmans.com
Thu Dec 31 20:44:35 UTC 2009


Thanks Matt! That's great to hear from you!

Look forward to your feedback.

Matt

On 12/31/09 3:42 PM, Matt Olney wrote:
> Congrats to Matt Jonkman and the team at OISF.  It's a big step, and I
> look forward to seeing your work (after then new year :))
> 
> Matt
> 
> On Thu, Dec 31, 2009 at 3:11 PM, Matt Jonkman <jonkman at jonkmans.com
> <mailto:jonkman at jonkmans.com>> wrote:
> 
>     Full Announcement here:
>     http://www.openinfosecfoundation.org/
> 
> 
>     It's been about three years in the making, but the day has finally come!
>     We have the first release of the Suricata Engine! The engine is an Open
>     Source Next Generation Intrusion Detection and Prevention Tool, not
>     intended to just replace or emulate the existing tools in the industry,
>     but to bring new ideas and technologies to the field.
> 
>     The Suricata Engine and the HTP Library are available to use under the
>     GPLv2.
> 
>     The HTP Library is an HTTP normalizer and parser written by Ivan Ristic
>     of Mod Security fame for the OISF. This integrates and provides very
>     advanced processing of HTTP streams for Suricata. The HTP library is
>     required by the engine, but may also be used independently in a range of
>     applications and tools.
> 
>     This is considered a Beta Release as we are seeking feedback from the
>     community. This release has many of the major new features we wanted to
>     add to the industry, but certainly not all. We intend to get this base
>     engine out and stable, and then continue to add new features. We expect
>     several new releases in the month of January culminating in a production
>     quality release shortly thereafter.
> 
>     The engine and the HTP Library are available here:
>     http://www.openinfosecfoundation.org/index.php/download-suricata
> 
>     Please join the oisf-users mailing list to discuss and share feedback.
>     The developers will be there ready to help you test.
>     http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
> 
>     As this is a first release we don't really have a "what's New" section
>     because everything is new. But we do have a number of new ideas and new
>     concepts to Intrusion Detection to note. Some of those are listed below:
> 
> 
> 
>     Multi-Threading
>     Amazing that multi-threading is new to IDS, but it is, and we've got it!
> 
> 
>     Automatic Protocol Detection
>     The engine not only has keywords for IP, TCP, UDP and ICMP, but also has
>     HTTP, TLS, FTP and SMB! A user can now write a rule to detect a match
>     within an HTTP stream for example regardless of the port the stream
>     occurs on. This is going to revolutionize malware detection and control.
>     Detections for more layer 7 protocols are on the way.
> 
> 
>     Gzip Decompression
>     The HTP Parser will decode Gzip compressed streams, allowing much more
>     detailed matching within the engine.
> 
> 
>     Independent HTP Library
>     The HTP Parser will be of great use to many other applications such as
>     proxies, filters, etc. The parser is available as a library also under
>     GPLv2 for easy integration ito other tools.
> 
> 
>     Standard Input Methods
>     You can use NFQueue, IPFRing, and the standard LibPcap to capture
>     traffic. IPFW support coming shortly.
> 
> 
>     Unified2 Output
>     You can use your standard output tools and methods with the new engine,
>     100% compatible!
> 
> 
>     Flow Variables
>     It's possible to capture information out of a stream and save that in a
>     variable which can then be matched again later.
> 
> 
>     Fast IP Matching
>     The engine will automatically take rules that are IP matches only (such
>     as the RBN and compromised IP lists at Emerging Threats) and put them
>     into a special fast matching preprocessor.
> 
> 
>     HTTP Log Module
>     All HTTP requests can be automatically output into an apache-style log
>     format file. Very useful for monitoring and logging activity completely
>     independent of rulesets and matching. Should you need to do so you could
>     use the engine only as an HTTP logging sniffer.
> 
> 
> 
>     Coming Very Soon: (Within a few weeks)
> 
>     Global Flow Variables
>     The ability to store more information from a stream or match (actual
>     data, not just setting a bit), and storing that information for a period
>     of time. This will make comparing values across many streams and time
>     possible.
> 
> 
>     Graphics Card Acceleration
>     Using CUDA and OpenCL we will be able to make use of the massive
>     processing power of even old graphics cards to accelerate your IDS.
>     Offloading the very computationally intensive functions of the sensor
>     will greatly enhance performance.
> 
> 
>     IP Reputation
>     Hard to summarize in a sentence, but Reputation will allow sensors and
>     organizations to share intelligence and eliminate many false positives.
> 
> 
>     Windows Binaries
>     As soon as we have a reasonably stable body of code.
> 
> 
> 
>     The list could go on and on. Please take a few minutes to download the
>     engine and try it out and let us know what you think. We're not
>     comfortable calling it production ready at the moment until we get your
>     feedback, and we have a few features to complete. We really need your
>     feedback and input. We intend to put out a series of small releases in
>     the two to three weeks to come, and then a production ready major
>     release shortly thereafter. Phase two of our development plan will then
>     begin where we go after some major new features such as IP Reputation
>     shortly.
> 
>     http://www.openinfosecfoundation.org
> 
> 
>     ----------------------------------------------------
>     Matthew Jonkman
>     Emerging Threats
>     Open Information Security Foundation (OISF)
>     Phone 765-429-0398
>     Fax 312-264-0205
>     http://www.emergingthreats.net
>     http://www.openinformationsecurityfoundation.org
>     ----------------------------------------------------
> 
>     PGP: http://www.jonkmans.com/mattjonkman.asc
> 
>     ------------------------------------------------------------------------------
>     This SF.Net email is sponsored by the Verizon Developer Community
>     Take advantage of Verizon's best-in-class app development support
>     A streamlined, 14 day to market process makes app distribution fast
>     and easy
>     Join now and get one step closer to millions of Verizon customers
>     http://p.sf.net/sfu/verizon-dev2dev
>     _______________________________________________
>     Snort-users mailing list
>     Snort-users at lists.sourceforge.net
>     <mailto:Snort-users at lists.sourceforge.net>
>     Go to this URL to change user options or unsubscribe:
>     https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users
>     <https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users> list archive:
>     http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 

-- 

----------------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinformationsecurityfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



More information about the Discussion mailing list