Friday, October 29, 2021

Snort has been released -- Check out this new version!


The SNORTⓇ team recently released a new version of Snort 3 on and the Snort 3 GitHub.


Snort contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Because the API inside Snort 3 has changed with this version, if you are using the LightSPD package, you will need to use the latest release (posted yesterday, October 28, 2021).

  • appid: detect client based on longest matching user agent pattern
  • appid: update the name of the lua API function that adds process name to client app mappings
  • build: fix in CodeCoverage.cmake to generate *.gcda *.o files as needed by gcov
  • dce_smb: optimize handling pruning of flows in stress environment
  • decompress, http_inspect: add support for processing ole files and for vba_data ips option
  • doc: add punctuation to builtin stubs, fix formatting
  • doc: builtin rule documentation updates
  • http2_inspect: partial header with priority flag set
  • http_inspect: add automatic semicolon insertion
  • http_inspect: document built-in alerts
  • http_inspect: do not normalize JavaScript built-in identifiers
  • http_inspect: hardening
  • http_inspect: implement JIT (just-in-time) for JavaScript normalization
  • http_inspect, ips_option: decouple the vba_data ips option from http_inspect and add the trace debug option to vba_data
  • policy: update policy clone code to avoid corrupting active configuration
  • protocols: prevent infinite loop over tcp options
  • rna: call set_smb_fp_processor function in reload tuner
  • rna: do not do service discovery for future flows

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide them through the steps of getting set up, from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing here as well. Make sure to stay up to date to catch the latest emerging threats.