Tuesday, May 25, 2021

New version of Snort 3 out now — Here are all the updates and fixes

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

Snort 3.1.5.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

  • appid: Publish an event when AppID debug command is issued
  • appid: Do memory accounting of API stash object, DNS/TLS/third-party sessions
  • appid: Mark payload detection as done after either HTTP request or response is inspected
  • appid: Set monitor flags on future flows
  • dce_rpc: Fix expected session protocol id
  • dce_rpc: Update memory tracking for SMB session data
  • dce_rpc: Use find_else_insert in SMB session cache to avoid deadlock
  • file_api: Fix spell source error
  • flow: Adding stash API to save auxiliary IP
  • flow: Enhancing APIs to stash auxiliary IP
  • flow: Memory tracking updates
  • hash: Add new insert method in lru_cache_shared
  • http2_inspect: Add assert in clear
  • http2_inspect: Concurrent streams limit is configurable
  • http2_inspect: Fix non-standard c++
  • http2_inspect: Handle trailer after reaching flow depth
  • http2_inspect: Implement window_update frame
  • http2_inspect: Optimize processing after reaching flow depth
  • http2_inspect: Track stream memory incrementally instead of all up front
  • http2_inspect: Update discard print
  • http2_inspect: Update state and delete streams after reaching flow depth
  • http_inspect: IP reputation support
  • http_inspect: Don't disable detection for flow if it's an HTTP/2 flow
  • ips_options: Fix relative base64_decode
  • memory: free_space cleanup
  • netflow: Additional check before v5/v9 decode
  • netflow: Version 9 decoding and filtering
  • packet_tracer: IPS DAQ trace log
  • packet_tracer: File DAQ trace log
  • parser: Remove rule merge in dump mode
  • parser: Reduce RTNs only after states applied
  • reputation: Track monitor ID via flow; minor code cleanup
  • shell: Exit gracefully when sandbox Lua is misconfigured
  • stream_tcp: Deleting session when both talker and listener are closed
  • stream_tcp: Using window base for reset validation

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.