The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.
Snort 3.1.16.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.
Changes in this release (since 3.1.15.0):
- appid: during initialization, skip loading of Lua detectors that don't have validate function
- appid: in packet threads, skip loading of detectors that don't have validate function on reload
- appid: provide API to give client_app_detection_type
- codec: geneve - ensure injected packets have geneve port in outer udp header
- detection: refactor mpse serialization
- detection: rename PortGroup to the more apt RuleGroup (and related)
- detection: replace PortGroup::alloc/free with ctor/dtor
- doc: add SIP built-in rule documentation
- doc: update built-in rule doc for SMTP, IMAP and POP inspectors
- doc: update built-in rules documentation for dns module
- doc: update built-in rules documentation for ftp-telnet
- doc: updated builtin rules documentation for gtp module
- flow: fix warning in flow_cache.cc
- flow: use the same pkt_type to link and unlink unidirectional flows
- http2_inspect: refactor decoded_headers_buffer for hpack decoding
- http_inspect: eliminate cumulative js data processing
- http_inspect: handle unordered PDUs for inline/external JavaScript normalization
- http_inspect: improve file decompression
- hyperscan: sort patterns for dump / load stability
- ips: correct fast pattern port group counts
- mpse: add md5 check to deserialization
- reload: add logs to track reload process
- reload: move out reload progress flag to reload tracker
- search_engine: support hyperscan serialization
- search_engine: support port group serialization
- sip: track memory for sip sessions
- ssl: disable inspection on alert only at fatal level
- stream_tcp: fix init_wscale() to take into account the DECODE_TCP_WS flag
- tcp: remove the obsolete GNUC block from TcpOption::next()
- tcp: stop on the EOL option in TcpOptIteratorIter::operator++()
- utils: add get methods to peek in internal buffer
- utils: correct Normalizer's output upon the next scan
- wizard: update globbing and max_pattern
Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.