Suricata is an intrusion detection and prevention system that intends to bring a new approach and new ideas to the industry. The engine provides the user with multiple configuration features and multi-thread support.
This tool is designed to help you monitor network traffic and to provide you with alerts by using a set of externally developed rules.
What's New in This Release:
New features:
· Custom HTTP logging contributed by Ignacio Sanchez (#530)
· TLS certificate logging and fingerprint computation and keyword by Jean-Paul Roliers (#443)
· TLS certificate store to disk feature by Jean-Paul Roliers (#444)
· Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480)
· AF_PACKET IPS support (#516)
· Rules can be set to inspect only IPv4 or IPv6 (#494)
· filesize keyword for matching on sizes of files in HTTP (#489)
· Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522)
· NFQ fail open support (#507)
· Highly experimental Lua scripting support for detection
Improvements:
· Live reloads now support HTTP rule updates better (#522)
· AF_PACKET performance improvements (#197, #415)
· Make defrag more configurable (#517, #528)
· Improve pool performance (#518)
· Improve file inspection keywords by adding a separate API (#531)
· Example threshold.config file provided (#302)
Fixes:
· Fix building of perf profilin...

Via: Suricata 1.3.1 Stable / 1.4 Beta 1
