The SNORT® team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.
Snort 3.1.17.0 contains several new features and bug fixes. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so. Here's a rundown of all the changes and new features in this latest version of Snort 3.
- appid: Restore the log of reloading detectors' complete message.
- build: Remove HAVE_HYPERSCAN conditional from the installed header.
- detection: Add allow_missing_so_rules.
- detection: Ensure PDUs indicate parent when available.
- dnp3: Update built-in rule description.
- doc: Arp_spoof built-ins.
- doc: Back orifice built-in rules.
- doc: Spelling correction.
- doc: Update built-in alerts description for dnp3.
- doc: Update built-in alerts description for modbus, HTTP/2.
- doc: Update built-in alerts description for portscan.
- doc: Update built-in rule documentation for http_inspect.
- doc: Update built-in rules documentation for dce_smb, dce_tcp, dce_udp, rpc_decode.
- doc: Updated built-in rules documentation for SSH.
- http2_inspect: Hardening.
- http2_inspect: http1_header buffer always created immediately after decode_headers.
- http2_inspect: Push promise error state check.
- http2_inspect: Truncated trailers without frame data.
- ips_option: Enabling trace for vba_data options and fixing memory leak while extracting vba_data.
- main: Use a dynamic buffer on-demand in trace print functions.
- u2spewfoo: Fixed incorrect usage line.
Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch emerging threats.