Thursday, May 5, 2016

Snort Subscriber Rule Set Update for 05/05/2016

Just released:
Snort Subscriber Rule Set Update for 05/05/2016


The newest rule release from Talos is now available. This release introduces 82 new rules and modifies 5 existing rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-image, file-multimedia, file-other, indicator-obfuscation, malware-backdoor, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats in these areas.

You can subscribe to Talos's newest rule detection functionality for as little as $29 US a year for personal users; see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the latest emerging threats!

Tuesday, May 3, 2016

Snort++ Build 197 Available Now

Snort++ build 197 is now available on snort.org. This is the latest monthly update available for download. You can also get the latest updates from GitHub (snortadmin/snort3), which is updated weekly.

Bug Fixes:

  • cmake and pkgconfig fixes
  • fixed clang, gcc, and icc, build warnings
  • fix FreeBSD build
  • fix building against LuaJIT using only pkg-config
  • fix rule compilation for sticky buffers
  • miscellaneous warning and lint cleanup
  • update extras to better serve as examples
  • cleanup use of protocol numbers and identifiers
  • fixed shared object (so) rule input / output
  • fixed protocol numbering issues
  • fixed 129:18
  • fix session parsing abort handling
  • perf_monitor config and format fixes
  • new_http_inspect unicode initialization bug fix
  • legacy search engine cleanup
  • fix process stats output
  • update extra version to alpha 4 - thanks to Henry Luciano <cuncator@mote.org> for reporting the issue
  • fix unit tests
  • fixed memory leaks
  • fixed static analysis issues

Enhancements:
  • use hwloc for CPU affinity
  • cmake - check all dependencies before fatal error
  • add configure --enable-address-sanitizer
  • add configure --enable-code-coverage
  • remove legacy/unused obfuscation api
  • stream_tcp refactoring; starting on updates
  • add dce rule options iface, opnum, smb, stub_data, tcp
  • add dce option for byte_extract/jump/test
  • initial side channel and file connector for high availability
  • initial high availability for UDP
  • new_http_inspect %u encoding and UTF-8 bare byte
  • add UTF-8 normalization for new_http_inspect
  • unicode map file for new_http_inspect
  • host_cache and host_tracker config and stats updates
  • snort2Lua updates for preproc sensitive_data and sd_pattern option
  • dce2 port continued - add dce packet fragmentation
  • dce segmentation changes
  • dce smb header checks port - non segmented packets
  • memory manager updates
  • added iterative pruning for out of memory condition
  • added preemptive pruning to memory manager
  • added thread timing stats to perf_monitor
  • perf_monitor refactoring
  • added file capture stats
  • added packet_capture module
  • DAQ interface refactoring
  • updated catch headers to v1.4.0

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team

Monday, May 2, 2016

Snort Subscriber Rule Set Update for 05/02/2016

Just released:
Snort Subscriber Rule Set Update for 05/02/2016


The newest rule release from Talos is now available. This release introduces 7 new rules and modifies 17 existing rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
CVE-2016-3081:
A coding deficiency exists in Apache Struts 2 that may lead to remote code
execution: when Dynamic Method Invocation is enabled, a crafted method:
prefix in the request reaches OGNL evaluation on the server.

Rules to detect attacks targeting this vulnerability are included in this
release and are identified with GID 1, SIDs 21072, 21656, and 23631.
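A release note names the GID/SID pairs that carry the coverage, but after a rule update the practical question is whether those rules are actually present and enabled in the local rules files (a rule disabled by pulledpork or by hand is kept as a commented-out line, and shared object rules live under GID 3, not GID 1). The following is an added example, not snort.org or Talos code: it parses rule lines, keys them by (gid, sid), and reports each expected SID as enabled, disabled or missing. The sample rules text is constructed for the example; its msg and content values are placeholders and not the real rules that carry these SIDs.

```python
"""Check which SIDs from a Talos release note are present and enabled in a
local Snort rules file.  Added example, not snort.org or Talos code."""
import re
from typing import Dict, Iterable, Tuple

# A rule line, optionally disabled with a leading '#' (this is how pulledpork
# and hand edits switch rules off).  The header is action + protocol + ...;
# everything inside the outermost parentheses is the option list.
RULE_RE = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|reject|pass|log|sdrop)\s+\S+.*?'
    r'\((?P<opts>.*)\)\s*$'
)

def _opt(name: str, opts: str, pattern: str = r'(\d+)') -> str:
    """Return the value of option `name` from the option list, or ''."""
    m = re.search(r'\b' + name + r'\s*:\s*' + pattern + r'\s*;', opts)
    return m.group(1) if m else ''

def parse_rules(text: str) -> Dict[Tuple[int, int], dict]:
    """Map (gid, sid) -> rule details for every rule line in text.
    gid defaults to 1 (text rules); shared object rules carry gid:3."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue                      # blank, comment, include, ...
        opts = m.group('opts')
        sid = _opt('sid', opts)
        if not sid:
            continue                      # not a complete rule
        gid = int(_opt('gid', opts) or 1)
        rules[(gid, int(sid))] = {
            'enabled': m.group('disabled') is None,
            'action': m.group('action'),
            'rev': int(_opt('rev', opts) or 0),
            'msg': _opt('msg', opts, r'"([^"]*)"'),
        }
    return rules

def check_coverage(text: str, sids: Iterable[int], gid: int = 1) -> Dict[int, str]:
    """Classify each expected SID as 'enabled', 'disabled' or 'missing'."""
    rules = parse_rules(text)
    status = {}
    for sid in sids:
        r = rules.get((gid, sid))
        status[sid] = 'missing' if r is None else ('enabled' if r['enabled'] else 'disabled')
    return status

# Constructed sample rules file; the msg/content values are placeholders,
# not the real Talos rules that carry these SIDs.
SAMPLE_RULES = """\
# sample.rules (constructed)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP sample rule A"; flow:to_server,established; content:"sample"; http_uri; classtype:web-application-attack; sid:21072; rev:10;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP sample rule B"; flow:to_server,established; content:"sample"; http_uri; sid:21656; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SERVER-WEBAPP sample rule C"; gid:3; sid:23631; rev:2;)
"""

if __name__ == '__main__':
    # The SIDs named in the 05/02/2016 release note for CVE-2016-3081.
    for sid, state in check_coverage(SAMPLE_RULES, [21072, 21656, 23631]).items():
        print(f'1:{sid} {state}')
```

On a real sensor you would feed it the concatenated contents of the rules directory (for example the files under /etc/snort/rules, an assumed path) instead of SAMPLE_RULES. A SID that comes back disabled after an update usually means a local disablesid or modifysid policy is overriding the release, which is worth knowing before assuming the new coverage is active.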

Talos has added and modified multiple rules in the blacklist, browser-ie,
malware-cnc and server-webapp rule sets to provide coverage for emerging
threats in these areas.



Friday, April 29, 2016

Snort++ Update

Pushed build 196 to github (snortadmin/snort3):

  • added packet_capture module
  • initial high availability for UDP
  • changed memory_manager to use absolute instead of relative cap
  • cmake and pkgconfig fixes
  • updated catch headers to v1.4.0
  • static analysis memory leak fixes
  • added file capture stats
  • DAQ interface refactoring
  • perf_monitor refactoring
  • unicode map file for new_http_inspect
  • continued dce2 port
  • update extras to better serve as examples
  • cleanup use of protocol numbers and identifiers
  • continued stream_tcp refactoring


Thursday, April 28, 2016

Snort Subscriber Rule Set Update for 04/28/2016

Just released:
Snort Subscriber Rule Set Update for 04/28/2016


The newest rule release from Talos is now available. This release introduces 41 new rules and modifies 7 existing rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-flash, file-office, indicator-obfuscation, malware-cnc, malware-other, protocol-dns and server-other rule sets to provide coverage for emerging threats in these areas.



Tuesday, April 26, 2016

Snort Subscriber Rule Set Update for 04/26/2016

Just released:
Snort Subscriber Rule Set Update for 04/26/2016


The newest rule release from Talos is now available. This release introduces 31 new rules and modifies 6 existing rules.

There were no changes made to the snort.conf in this release.

Talos would also like to thank the following researchers for the rules that they have contributed to the community ruleset, which were released in this rule pack:

Yaser Mansour: SIDs 38603, 38606, 38607, 38608, 38610, 38619, 38620, 38621

Rmkml: SIDs 38604, 38605


Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-other, file-other, indicator-compromise, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats in these areas.



Friday, April 22, 2016

Snort Subscriber Rule Set Update for 04/21/2016, Release 2

Just released:
Snort Subscriber Rule Set Update for 04/21/2016


The newest rule release from Talos is now available. This release introduces 18 new rules and modifies 8 existing rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the app-detect and malware-cnc rule sets to provide coverage for emerging threats in these areas.

