Thursday, August 12, 2021

Snort version 3.1.10.0 released — Here are all the updates and improvements


The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.


Snort 3.1.10.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

  • AppID: Update netbios-ss (SMB) detector to extract SMB domain from SMBv2, and more intelligently handle payload appid detection.
  • AppID: Use packet thread odp context while creating SIP session.
  • build: Install DAQ modules and Snort plugins in separate folders.
  • dce_smb: Restore file tracker size post deletion.
  • DNS: Add DNS splitter.
  • doc: Update user manual for identifier normalization.
  • file_api: Add infra and file debugs to the existing debugging framework.
  • FTP: Remove unused defines and crufty comments.
  • http_inspect: Add JavaScript identifiers normalization.
  • http_inspect: Change the default value of request_body_app_detection config parameter to true.
  • SMTP: Remove unused defines.
  • SSH: Handle traffic with invalid version string.
  • SSH: Handle version string packets that also contain key exchange data.
  • stream_tcp: Skip unordered segments if last flushed position already moved past.
  • telnet: Correct help for ayt_attack_thresh.
  • wizard: Add wizard max_pattern option and update HTTP/SIP aware methods patterns.

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide them through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing here as well. Make sure to stay up to date to catch the most emerging threats.