Thursday, February 3, 2022

Snort is now available (plus bonus information on Thursday's rule update)


The SNORTⓇ team recently released a new version of Snort 3 on and the Snort 3 GitHub. Thursday also brought us the latest rule release, which includes several rules to protect against critical vulnerabilities Cisco patched in its RV series of routers. You can see more about this rule update here.


Snort contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Here's a rundown of all the changes and new features in this latest version of Snort 3.
  • AppID: Do not delay detection of SMB service for the sake of version detection.
  • control: Fix macro definitions.
  • copyright: Updated year to 2022.
  • http_inspect: Correct comment regarding header splitting rules.
  • http_inspect: Forward 0.9 request lines to detection.
  • http_inspect: http_version_match uses msg section version ID.
  • http_inspect: Webroot traversal.
  • main: Move policy selector and flow tracking from snort config to policy map.
  • main: Only add policies to the user policy map at the end of table processing.
  • policy: Add a file_policy to the network policy and use it.
  • stream: QUIC stream-dependent changes.
  • stream_tcp: Ensure that we call splitter finish() only once per flow, per direction.
  • wizard: Remove extra semicolon.

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.