Thursday, August 17, 2017

Snort Subscriber Rule Set Update for 08/17/2017

Just released:
Snort Subscriber Rule Set Update for 08/17/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 14 new rules of which 0 are Shared Object rules and made modifications to 7 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, file-flash, file-multimedia, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, policy-other, protocol-dns, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, August 15, 2017

Snort Subscriber Rule Set Update for 08/15/2017

Just released:
Snort Subscriber Rule Set Update for 08/15/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 81 new rules of which 0 are Shared Object rules and made modifications to 22 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-chrome, browser-firefox, browser-ie, browser-plugins, exploit-kit, file-image, file-multimedia, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, os-windows, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, August 10, 2017

Snort Subscriber Rule Set Update for 08/10/2017

Just released:
Snort Subscriber Rule Set Update for 08/10/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 14 new rules of which 0 are Shared Object rules and made modifications to 4 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.

This release also starts the releases for rules for Snort Version 2.9.11.0.  Released in Beta, today.


Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-multimedia, file-other, file-pdf, malware-backdoor, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

2.9.11.0 beta has been released!

Join us as we welcome Snort 2.9.11.0 to the family, in beta form!


Right off the bat, you will notice that we are going from 2.9.9.0 to 2.9.11.0, skipping over 2.9.10.0. Just to clarify, 2.9.10.0 was an internal only release. We decided not to ship it to the public because timing of back to back 2.9.10 and 2.9.11 releases, and thought it would be better for the community to just release one instead of two. All 2.9.10 features and fixes are in 2.9.11, so you're not missing anything, just making it easier on the community.


We will be modifying the EOL slightly, as we are going to be keeping versions around a little longer. We aren't quite sure what this will look like yet, but rest assured we will be updating the blog when we do.


Here's some release notes:


  • New additions
    • Changes to eliminate Snort restart when there are changes to the memory allocated for preprocessors, by releasing unused or least recently used memory when needed.



  • Improvements
    • Enhanced RTSP metadata parsing to match the user-agent field to detect RTSP traffic over Windows Media.
    • Performance improvement when SYN rate limit has reached and drop is configured as next action
    • Control-socket and side-channel support for FreeBSD platform.
    • Fixed an issue where IoQ driver was getting into bad state due to non-graceful exit.
    • Fixed issue in file signature lookup for retransmitted FTP packet.
    • Enhanced the processing of SIP/RTP future flows without ignoring them.
    • Changes made in PDF/SWF decompression by adding boundary to the size of the decompressed data.
    • Added a null check to prevent copy unless debugHostIp is configured in AppId.
    • Fixed issue where FTP file type block doesn't work for retried download.
    • Resolved issue where Snort is inappropriately handling traffic for which AppId was creating future flow.
    • Performance improvements for SIP/RTP audio and video data flow in AppId.
    • Performance and stability improvements in FTP preprocessor like incorrect referencing of ftp_data_session after its pruned.
    • Stability improvement by resolving valgrind reported issues in AppId.
    • Improved flushing mechanism for HTTP POST header.



Check out Snort 2.9.11.0, available for download on our site.

Wednesday, August 9, 2017

Snort Subscriber Rule Set Update for 08/08/2017, Release Two

Just released:
Snort Subscriber Rule Set Update for 08/08/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 5 new rules of which 0 are Shared Object rules and made modifications to 2 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit and os-other rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, August 8, 2017

Snort 2.9.9.x on OpenSuSE Leap 42.2 setup guide has been posted!

Written by community member Boris Gomez, we've posted a setup guide that he provided, for Snort 2.9.9.x on OpenSuSE Leap 42.2.

Please take a look our documentation page, check it out, and let Boris know of any issues you find!

Snort Subscriber Rule Set Update for 08/08/2017, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 08/08/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 34 new rules of which 10 are Shared Object rules and made modifications to 24 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Details:
Microsoft Vulnerability CVE-2017-0250:
A coding deficiency exists in Microsoft JET Database Engine that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43847 through 43848.

Microsoft Vulnerability CVE-2017-8625:
Microsoft Internet Explorer suffers from programming errors that may
lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 43851 through 43852.

Talos has also added and modified multiple rules in the file-identify,
file-image, file-multimedia, file-office, file-other, file-pdf,
os-windows, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, August 3, 2017

Snort Subscriber Rule Set Update for 08/03/2017

Just released:
Snort Subscriber Rule Set Update for 08/03/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 151 new rules of which 1 are Shared Object rules and made modifications to 49 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-backdoor, malware-cnc, protocol-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, August 1, 2017

Snort Subscriber Rule Set Update for 08/01/2017

Just released:
Snort Subscriber Rule Set Update for 08/01/2017


We welcome the introduction of the newest rule release from Talos. In this release we introduced 44 new rules of which 0 are Shared Object rules and made modifications to 21 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
43809
43810
43811
43812
43813



Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-ie, file-office, file-other, malware-backdoor, os-windows, policy-other, server-iis, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!