Irregular Expressions

Feb 9 2010   8:24AM GMT

Next generation IDS/IPS engine



Posted by: Dan O'Connor
Tags: ids, ips, oisf, snort, suricata, vrt

Suricata

http://www.openinfosecfoundation.org

I have been following this since there was first talk of creating a new engine.  They have released version 0.80.

The engine is meant to load the current Snort and VRT rule sets out of the box!

Once I complete my exam this week I will have some extra time and will provide install instructions for FreeBSD.

The list of what they have added is extensive (and the list of what is to come is pretty long). There are more features on the way, listed in the official documentation.

Multi-Threading

Automatic Protocol Detection
- IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB.

Gzip Decompression

Independent HTP Library
- A totally independent HTP library that is also released under the GPLv2.

Standard Input Methods
- You can use NFQueue, IPFRing, and the standard LibPcap to capture traffic.

Unified2 Output
- You can use your standard output tools and methods with the new engine, 100% compatible!

Flow Variables
- It’s possible to capture information out of a stream and save that in a variable which can then be matched again later.

Fast IP Matching
- The engine will automatically take rules that are IP matches only (such as the RBN and compromised IP lists at Emerging Threats) and put them into a special fast matching preprocessor.

HTTP Log Module
- All HTTP requests can be automatically output into an Apache-style log format file. Very useful for monitoring and logging activity completely independent of rulesets and matching. Should you need to do so you could use the engine only as an HTTP logging sniffer.

(Source http://www.openinfosecfoundation.org/)
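
The Fast IP Matching item above, sketched as an added example (not Suricata's code and not from the original post): it splits a Snort-style rule set into address-only rules, indexed by prefix length for dictionary lookup, and rules that still need full inspection. The "IP-only" test, the IPv4-only index, the function names and the sample rules are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: options that describe or rate-limit a rule but never inspect packets.
META = {"msg", "sid", "rev", "gid", "classtype", "reference", "priority", "threshold"}
RULE = re.compile(r"^\w+\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+(?:->|<>)"
                  r"\s+\S+\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")

def option_names(opts):
    """Option keywords of a rule body, ignoring ';' inside quoted strings."""
    parts = re.findall(r'(?:[^;"]|"(?:\\.|[^"\\])*")+', opts)
    return {p.split(":", 1)[0].strip() for p in parts if p.strip()}

def ip_only_networks(rule):
    """Source networks if the rule matches on addresses alone, else None."""
    m = RULE.match(rule.strip())
    if (not m or m["proto"] != "ip" or (m["sport"], m["dport"]) != ("any", "any")
            or not option_names(m["opts"]) <= META):
        return None  # ports, content, pcre, flow, ... need the full engine
    try:
        return [ipaddress.IPv4Network(a) for a in m["src"].strip("[]").split(",")]
    except ValueError:
        return None  # "any" or a $VARIABLE: not a literal address list

def build_index(rules):
    """Return ({prefixlen: {network_int: [sid]}}, rules left for full inspection)."""
    index, remaining = {}, []
    for rule in rules:
        nets = ip_only_networks(rule)
        if nets is None:
            remaining.append(rule)
            continue
        sid = int(re.search(r"sid:\s*(\d+)", rule).group(1))
        for net in nets:
            index.setdefault(net.prefixlen, {}).setdefault(int(net.network_address), []).append(sid)
    return index, remaining

def lookup(index, src_ip):
    """SIDs whose source list covers src_ip: one dict probe per prefix length."""
    addr = int(ipaddress.IPv4Address(src_ip))
    return sorted(sid for plen, table in index.items()
                  for sid in table.get(addr >> (32 - plen) << (32 - plen), []))

# Constructed sample rules (documentation address ranges, made-up SIDs).
RULES = [
    'alert ip [192.0.2.0/24,198.51.100.7] any -> $HOME_NET any (msg:"listed host; group 1"; classtype:misc-attack; sid:1000001; rev:1;)',
    'alert ip [203.0.113.0/25] any -> $HOME_NET any (msg:"listed net"; sid:1000002; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"payload rule"; content:"cmd.exe"; sid:1000003; rev:1;)',
]
```

The lookup cost depends on the number of distinct prefix lengths, not on the number of listed addresses, which is why large blocklists are cheap to match this way.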
