We know users have been anticipating this day for years. So, we are excited to announce that the official release of Snort 3 is here! The version number is 3.1.0.0.
Snort is an open-source intrusion prevention system (IPS) capable of real-time traffic analysis and packet logging. Snort 3 is the next step in our years-long journey of protecting users’ networks from unwanted traffic, malicious software, spam and phishing documents.
When we started thinking about what the next generation of IPS would look like, we decided to start from scratch. This latest version of Snort is the result of more than seven years of development and hard work from our team. After many years of success, it is time for Snort to evolve by incorporating the lessons we have learned over the software’s existence and becoming even more effective.
With Snort 3, rules are faster and more efficient, users have more control over their Snort experience, and it runs on multiple environments and operating systems.
Other prominent features of Snort 3 include:
- Support for multiple packet processing threads.
- Shared configuration and attribute table.
- Simple, scriptable configuration.
- Pluggable key components.
- Autodetection of services for portless configuration.
- Support for sticky buffers in rules.
- Autogenerated reference documentation.
- Better cross-platform support.
If you are new to Snort 3, here are some recent blogs to get you up to speed:
- Snort 101 videos covering Snort 3, including how to install and configure it, how to write rules and Snort 3 logging.
- A broad overview of Snort 3 vs. Snort 2
- How rules work differently in Snort 3
- Guide for installing Snort 3.0.2 on CentOS
- Snort 3 GitHub page
- Improve Snort 3 performance with Hyperscan
- How the RNA inspector works in Snort 3
- Installing Snort 3 on Ubuntu 18 and 19
- Talos Takes “Snort 101” episode
If you already use the Snort 3 release candidate, several fixes were made thanks to your feedback. You can find the details in the latest Changelog. Changes include:
- Reload improvements.
- Expanded bindings.
- HTTP/2 inspection enhancements and bug fixes.
- IPS variables moved to subtables.
- Network discovery enhancements and bug fixes.
- Build cleanup and OS X fixes.
We encourage everyone to shift over to Snort 3 from any version of Snort 2. You can download the source from snort.org or pull it from GitHub.
Security is a journey, not a destination, and we release new features, bug fixes, and general improvements to performance and efficacy to GitHub every two weeks. Snort 3 also provides a plugin system that facilitates your own customization and experimentation.
If you have any questions, use one of our mailing lists to reach out to us, or refer to the Snort Resources page.