Wednesday, August 12, 2020

Build 5 for Snort 3.0.2 available on GitHub

The SNORT® development team released a new update to Snort 3 (aka Snort++) on GitHub today.

Aug. 12, 2020 — 3.0.2 build 5
  • cip: Fix the trailing parameter for the module
  • dce_rpc: Set dce_rpc as a control channel inspector
  • flow: Check expected flows in flow control and add direction swap flag to expected flows
  • framework: Add an API to check if the module can be bound in the binder
  • ftp: Add opportunistic TLS support
  • ftp: Fix direction for active FTP data transfers
  • helpers: Extend printed JSON syntax
  • http2_inspect: Fix for flush on data frame boundary w/o end of stream
  • http_inspect: Do finish() after partial inspection
  • lua: Add TCP port 80 binding to the connectivity and balanced tweaks
  • main: Add printing modules help in JSON format
  • managers: Print the instance type of the inspector module with --help-module
  • rna: Add RNA MAC-based discovery logic
  • rna: Discover network and transport protocols
  • stream_tcp: Add check to prevent reentry to TCP session cleanup when flushing a PDU

As we gear up for the full release of Snort 3, we will post regular updates to the blog. Follow Snort on Twitter for the latest updates.

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series. 

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch emerging threats.