The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.
Snort 3.1.12.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.- decoder: ICMP6 — Use source and destination addresses from packet to compute ICMP6 checksum when NAT is in effect.
- http_inspect: Enable traces for JS normalizer.
- http_inspect: Include cookies in http_raw_header.
- http_inspect: Reduce void space in HttpFlowData.
- stream_tcp: Add pegs for maximum observed queue size.
- stream_tcp: Normalize data when queue limits are enabled.
- stream_tcp: Only update window on right-edge acks.
- stream_tcp: Set sequence number in trimmed packets up to the queue limit and increase defaults.
Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.