Friday, October 8, 2021

Snort version released — Here are all the updates and improvements


The SNORTⓇ team recently released a new version of Snort 3 on and the Snort 3 GitHub.


Snort contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.
  • AppID: Enhance RPC service detector to handle RPC Bind version 3.
  • AppID: Fix update_allocations signature in unit test.
  • AppID: Log AppID daq trace first followed by subscriber modules.
  • AppID: Provide API for Lua detectors to map process name to the client app.
  • doc: Add descriptions for 119:265-271 builtin alerts.
  • doc: Update built-in stub rule reference strings.
  • file: Add file policy ID and other config data as part of packet tracer command under File phase.
  • file_api: Add decompress_buffer_size.
  • flow: Add total flow latency to flow stats.
  • http2_inspect: Compare scanned bytes to total received during reassembly.
  • http2_inspect: Protect against reassemble with more than MAX_OCTETS.
  • http_inspect: Change format of normalized JS identifiers.
  • ips_options: Rename script_data buffer to js_data.
  • latency: Add configuration for implicit enable.
  • Lua: Fix Talos tweak snaplen.
  • RNA: Support CPE new os RNA event.
  • snort_config: Adding API for enabling latency module.
  • utils: Add custom I/O stream buffers to JS normalizer.
  • utils: Adjust output streambuffer expanding strategy and reserved memory.
  • utils: Fix compilation error of js_identifier_ctx_test for clang.

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide them through the steps of getting set up, from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Stay up to date to catch the newest emerging threats.