Thursday, April 23, 2020

Snort++ beta available now

The final beta version of Snort 3 is available now. Due to some internal constraints, the version is 3.0.1, but it is not the first official 3.0 release. The 3.0 release candidate is planned for later this year.

There are many changes since the last update. Here are a few highlights:

  • Several tweaks files are available to quickly configure your security posture relative to the default configuration.
  • The required C++ compiler feature set is now C++14.
  • A new VXLAN codec is available.
  • Improved content literal searches with updated Boyer-Moore and Hyperscan alternatives.
  • The HTTP/2 inspector is nearly complete.
  • Faster startup by using multiple threads to compile rule groups (Hyperscan only).
  • A new Talos logger is available.
  • More robust Lua error detection and whitelisting.
  • Numerous updates to enable on-the-fly reloading of most configurations.
  • A new network awareness inspector (RNA) is added.
  • snort_config.lua and SNORT_LUA_PATH are eliminated for simpler configuration.

There are many other updates not mentioned. Check the ChangeLog for a summary of changes, including new features, build and bug fixes, and performance enhancements.

There are still lots of enhancements and new features planned for Snort++, some of which are already in development. As always, new downloads are posted to snort.org periodically. You can also get the latest updates from GitHub. Watch these repos to keep up with the latest:

  • snort3 – main codebase.
  • snort3_extra – plugin examples, experimental, and test code.
  • snort3_demo – a test suite demonstrating key features and including a performance analysis suite.
  • libdaq – the latest, greatest DAQ, which is required for Snort 3.

You will also want to grab the latest registered Talos rule set.

Please submit bugs, questions, and feedback to Bugs or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team