From kmisata at oisf.net Tue Oct 15 05:00:00 2019
From: kmisata at oisf.net (Kelley Misata)
Date: Tue, 15 Oct 2019 01:00:00 -0400
Subject: [Oisf-announce] Countdown to SuriCon 2019! Don't Miss Out
Message-ID:

Hi Everyone -

We are just two weeks until SuriCon 2019 kicks off and almost sold out with over 200 Suricata fans and community members. If you haven't checked out the agenda, here it is - https://suricon.net/agenda-amsterdam/

BUT we haven't met our sponsorship goals. Can you help us get there? We need more Community Partners and Friends to step up and support this great community event. If you do, you will be in great company with organizations supporting Suricata and committed to open source security like DCSO, OPNsense, Gatewatcher, Amazon, Google - and others!

Interested? Want a customized sponsorship package to meet your budget? Email me and let's talk about it. You still have time - BECOME A SPONSOR TODAY! Free tickets to SuriCon are included with all sponsorship levels.

-Kelley

--
Kelley Misata, Ph.D.
Executive Director
kmisata at oisf.net
twitter: @OISFoundation
www.oisf.net


From vjulien at oisf.net Tue Oct 15 12:09:09 2019
From: vjulien at oisf.net (Victor Julien)
Date: Tue, 15 Oct 2019 14:09:09 +0200
Subject: [Oisf-announce] Announcing Suricata 5.0.0
Message-ID: <1e007e60-404e-0665-aa0f-abcc39b1ec1b@oisf.net>

The OISF’s Suricata development team is proud to announce Suricata 5.0.0. This release brings many new features and improvements.

See https://suricata-ids.org/download/ for download options.

For release notes and upgrade guidance please see https://suricata-ids.org/2019/10/15/release-notes-for-5-0-0/

*RDP, SNMP, FTP and SIP*

Three new protocol parsers and loggers, all community contributions. Zach Kelley created a Rust RDP parser, while Giuseppe Longo created SIP support. Rust master Pierre Chifflier contributed SNMP support. Since RDP and SIP were merged late in our development cycle they are disabled by default in the configuration. For FTP we have added an EVE logging facility.

*JA3S*

After contributing JA3 support in Suricata 4.1, Mats Klepsland has been working on JA3S support. JA3S is now available to the rule language and in the TLS logging output.

*Datasets*

Still experimental at this time, the initial work to support datasets is part of this release. It allows matching on large amounts of data. It is controlled from the rule language and will work with any ‘sticky buffer’. See documentation at https://suricata.readthedocs.io/en/suricata-5.0.0/rules/datasets.html We’ve already heard of people using this with millions of IOCs.

*Documentation*

With the help of many community members we’ve been improving the user documentation. Please see: https://suricata.readthedocs.io/en/suricata-5.0.0/

*HTTP evader*

We’ve been working hard to cover the final set of HTTP evader cases. This work has mostly gone into the bundled libhtp 0.5.31.

*Rust*

The most visible change is that our Rust support is no longer optional. We’re convinced that Rust is a perfect match for Suricata, and we plan to increase its footprint in our code base steadily. By making it mandatory we’re able to remove parallel implementations and focus fully on making the Rust code better.

*Protocol Detection*

The protocol detection engine has been extended to provide better accuracy as well as support for dealing with asynchronous flows. These async flows are sometimes picked up in the wrong direction and the protocol detection engine can now reverse them.

*Decoder Anomaly records in EVE*

A new log record type has been added: ‘anomaly’. This logs the stream and decoder events that are set by the packet decoders. This is inspired by Zeek’s (Bro) ‘weird’ log.

*EVE improvements*

VLAN and capture interface are now part of many more EVE records, even if they are flow records or records based on flow time out. An option to log all HTTP headers to the EVE http records has been added.

*Packet Capture*

Eric Leblond has been working hard on getting hardware offload support working for eBPF. On Netronome cards the eBPF based flow bypass can now be offloaded to the NIC. As eBPF is becoming a standard in the Linux space, we are hoping to see other hardware offload soon as well.

Netmap support has been rewritten so the more advanced features of netmap, such as vale switches, can be used now.

Napatech usability has been improved.

*Rule language: Sticky Buffers*

As discussed at the Suricon 2018 brainstorm session, a new rule keyword scheme is being introduced. It takes the existing ‘sticky buffer’ approach with new keyword names to avoid confusion. The new scheme is ., so for example ‘http.uri’ for the URI inspection. A number of HTTP keywords have been added. Unified Lua inspection mixed with the sticky buffers has also been implemented.

*Python 3*

With Python 2’s EOL approaching, we’ve made sure that all Suricata’s python code is Python 3 compliant.

*Removals*

Following our deprecation policy, we have removed the following parts: the plain text dns.log, the old files-json.log and support for the Tilera architecture. https://suricata-ids.org/about/deprecation-policy/

*All tickets*

Beta 1 tickets: https://redmine.openinfosecfoundation.org/versions/115
RC 1 tickets: https://redmine.openinfosecfoundation.org/versions/128
Final tickets: https://redmine.openinfosecfoundation.org/versions/129

--
Victor Julien
Suricata Lead Developer
suricata-ids.org


From jason.ish at oisf.net Tue Oct 15 16:28:15 2019
From: jason.ish at oisf.net (Jason Ish)
Date: Tue, 15 Oct 2019 10:28:15 -0600
Subject: [Oisf-announce] Suricata-Update 1.1.0 Released
Message-ID:

The OISF development team is happy to announce the release of Suricata-Update 1.1.0. This release has also been bundled with Suricata 5.0.0.

This release fixes several minor issues and contains enhancements including:

- Separation of error and info logging to improve logging when running from cron.
- Offline mode.
- Disable alerts with noalert for rules enabled as part of a flowbit dependency.
- Dynamic disabling of JA3 rules if the installed Suricata does not support JA3, or has JA3 support disabled.
- A new command, “check-versions”, to check if the installed version of Suricata is up to date.

For a complete list of tickets closed from the previous stable release please see:

(1.1.0) - https://redmine.openinfosecfoundation.org/versions/134
(1.1.0rc1) - https://redmine.openinfosecfoundation.org/versions/121

This release can be downloaded independently from:

- GitHub: https://github.com/OISF/suricata-update/releases/tag/1.1.0
- PyPI: https://pypi.org/project/suricata-update/

*Special Thanks*

Konstantin Klinger
Sascha Steinbiss
Vagisha Gupta - Our Outreachy Intern!
Vidushi Agrawal
Vrinda Narayan
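The datasets feature and the ‘http.uri’ sticky buffer from the Suricata 5.0.0 announcement above, combined in one added example that is not from the announcements or the Suricata project. It assumes a ‘type string’ dataset file holds one base64-encoded entry per line; the file names, sid and sample URIs are constructed.

```shell
#!/bin/sh
# Added example, not part of the Suricata 5.0.0 announcement: build a
# Suricata 5.0 dataset of type 'string' and a rule that checks the
# http.uri sticky buffer against it.
# Assumption: a 'type string' dataset file holds one base64-encoded
# entry per line. File names, sid and the sample URIs are constructed.

# Base64-encode one plaintext entry as a single line (GNU base64 wraps
# long output, so strip any newlines it inserts).
encode_entry() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Turn a plaintext list (one URI per line, blank lines ignored) into a
# dataset file that the rule below loads with 'load <file>'.
build_dataset() {                  # $1 = plaintext list, $2 = output .lst
    while IFS= read -r line || [ -n "$line" ]; do
        if [ -n "$line" ]; then
            encode_entry "$line"
            printf '\n'
        fi
    done < "$1" > "$2"
}

# Print a rule that alerts when a request URI is present in the dataset.
# The sticky buffer (http.uri) must precede the dataset keyword.
dataset_rule() {                   # $1 = dataset name, $2 = .lst path, $3 = sid
    printf 'alert http any any -> $HOME_NET any (msg:"URI found in %s dataset"; http.uri; dataset:isset,%s,type string,load %s; sid:%s; rev:1;)\n' \
        "$1" "$1" "$2" "$3"
}

# Constructed sample: two URIs to watch for, written to a temporary list.
list=$(mktemp); out=$(mktemp)
printf '/admin/config.php\n/wp-login.php\n' > "$list"
build_dataset "$list" "$out"
dataset_rule bad-uris /etc/suricata/bad-uris.lst 9000001
rm -f "$list" "$out"
```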