The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.
Snort 3.1.9.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.
- actions: Allow session data to stay accessible for loggers for reject rule action.
- byte_options: Address compiler warnings.
- control: Add idle expire removal to control channels.
- dump_stats: Direct output back to command channel.
- events: Use instance_id to make event_id unique across threads.
- file_api: Handle file_cache inspection for non-zero offset.
- http2_inspect: Change XOR to OR in assert that was failing due to an uninitialized variable.
- http2_inspect: Fix HPACK dynamic table size update management.
- http2_inspect: Remove unused variables.
- http_inspect: Add peg count for script bytes processed.
- http_inspect: Add rule option http_raw_header_complete.
- http_inspect: Don't allocate zero-length partial inspection buffer.
- ips_options: Add catch tests for byte_test, byte_jump, byte_math, byte_extract.
- ips_options: Address compiler warnings.
- ips_options: Refactor byte_extract, byte_test, byte_math, byte_jump and related tests.
- Lua: Update HTTP/2 default_wizard hex with S2C pattern match.
- stats: Update file and AppID stats to use Log functions provided from stats.cc.
Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.