Thursday, September 19, 2019

Snort versions EOL and open-source Snort release schedule updates

It's time again for us to wind down certain versions of SNORT®.

We currently support 36 different Open Source Operating System builds for the Snort Subscriber Rule Set. Each additional version of the OS and additional version of Snort that we have to support exponentially increases the amount of build — and, subsequently, QA — time required to create a version of the ruleset. To adjust this workload, we will be deprecating the following versions of Snort:

  • 2.9.9.0
  • 2.9.11.1
  • 2.9.12.0

Under our regular 90-day notice policy, these versions will be deprecated on Dec. 18 of this year.

This will leave versions:

  • 2.9.8.3
  • 2.9.13.0
  • 2.9.14.1
  • And the upcoming release of 2.9.15.0

If you are on 2.9.9.0, 2.9.11.1, or 2.9.12.0, we recommend you upgrade to 2.9.14.1 immediately.

We will update our EOL page on Snort.org to reflect this change as soon as we get a chance to push it live.

But, there is good news.

We are going to move to a more regular release schedule of about once a quarter. We will iron out the dates and details soon, at which time we'll let you know on the blog with an accompanying page on Snort.org. This will allow for more regular releases and easier deprecation of older releases.

If there are any concerns, please bring them to the Snort-Users mailing list.

Snort rule update for Sept. 19, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules and four modified rules.

Thursday's release provides protections for HooToo's line of traveling wireless routers, as well as one D-Link router that could be compromised with a malicious HNAP1 request.

Tuesday, September 17, 2019

Snort OpenAppID Detectors have been updated

An update has been released today for the Snort OpenAppID Detector content.

This release, build 326, includes:

  • A total of 2,880 detectors.
  • Some additional detectors that came in from the open source community. For more details on which contributions were included, see the AUTHORS file in this package, where we have listed them.

The package is available now from our downloads page. We look forward to you downloading it, using the new features of 2.9.14.1's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID package is also compatible with our Snort 3.0 release.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

Snort rule update for Sept. 17, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 22 new rules and 20 modified ones.

Tuesday's release provides coverage for several different malware variants. Several new rules prevent these samples from making outbound connections to their command and control (C2) servers.

Tuesday, September 10, 2019

Snort rule update for Sept. 10, 2019: Microsoft Patch Tuesday

Cisco Talos just released the latest SNORT® rule update. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 85 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 45 new rules, 53 modified rules and four new shared object rules.

Thursday, September 5, 2019

Reminder: New shared object rule builds now available

Just a reminder that, as we wrote back in August, there are new shared object rule builds available as of this week's builds.

Snort rule update for Sept. 5, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 29 new rules, 12 modified rules, one new shared object rule and two shared object rules.

Thursday's release provides coverage for vulnerabilities in several different web browsers, including Microsoft Edge and Internet Explorer, Safari and Google Chrome.

Tuesday, August 27, 2019

Snort rule update for Aug. 27, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 76 new rules, 14 modified rules and nine new shared object rules.

Tuesday's release provides coverage for two critical vulnerabilities in the 220 series of Cisco smart switches for small businesses. There is also protection against the exploitation of an arbitrary file disclosure vulnerability in Pulse Secure SSL VPN.

Thursday, August 22, 2019

New Shared Object rule builds available September 2nd and additional EOLs

This is a notice that we will be adding additional Open Source Shared Object rule builds to our pipeline starting on September 2nd:

  • Alpine 3.10/i386
  • Alpine 3.10/x86-64
  • RHEL 8/x86-64
  • OpenSUSE 15.1/x86-64
  • OpenBSD 6.4/i386
  • OpenBSD 6.4/x86-64
  • OpenBSD 6.5/i386
  • OpenBSD 6.5/x86-64

As previously announced, and as a reminder, the following OSes will be EOL'ed on the same date:

  • CentOS 5.4
  • Debian 7
  • FC 25
  • FC 26
  • FreeBSD 8.1
  • FreeBSD 9.0
  • FreeBSD 10.0
  • OpenBSD 5.2
  • OpenBSD 5.3
  • RHEL 5.5
  • Slackware 13.1

These OSes are themselves EOL.

Thank you



Snort rule update for Aug. 22, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 56 new rules, four modified rules, 14 new shared object rules and 25 modified shared object rules.

Thursday's release provides coverage for two vulnerabilities Cisco recently disclosed — one of which is rated "critical."