Wednesday, January 12, 2022

Snort 3.1.20.0 available for download now

      

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

 

Snort 3.1.20.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Here's a rundown of all the changes and new features in this latest version of Snort 3.
  • AppID: Handle SNI in efp event.
  • AppID: Make peg counts consistent with what is reported to external components* 
  • AppID: Updated the AppID API to include SSH in the list of service inspectors that need inspection.
  • dnp3, gtp, file_type: Fix assert while parsing string parameter.
  • doc: Update JavaScript normalization docs.
  • http2_inspect: Don't send data frames to the HTTP stream splitter when it's not expecting them.
  • http2_inspect: Hardening.
  • http_inspect: Version update, http_version_match rule option.
  • stream_tcp: Limit reassembly size for AtomSplitter. Thanks to barosch78 and DAKOIT for their help in the process of finding the root cause.
  • stream_tcp: Skip seglist gap in post-ack mode if data is acked beyond the gap.
  • stream_user: Change packet type from PDU to USER for hext daq, user codec, and stream_user.
  • wizard: Make max_search_depth applicably for curses.

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.