Irregular Expressions » suricata http://itknowledgeexchange.techtarget.com/Irregular-Expressions Insight into current security related events and exploits, including virtualization security and tips. Sun, 28 Apr 2013 08:00:32 +0000 en-US hourly 1 Professional IDS rules http://itknowledgeexchange.techtarget.com/Irregular-Expressions/professional-ids-rules/ http://itknowledgeexchange.techtarget.com/Irregular-Expressions/professional-ids-rules/#comments Wed, 20 Oct 2010 03:10:11 +0000 Dan O'Connor http://itknowledgeexchange.techtarget.com/Irregular-Expressions/?p=419 Exciting news, there is a new professional feed available for your Suricata and Snort install.

http://www.emergingthreatspro.com/

They are planning to support more platforms beyond Snort and Suricata, with full time research and daily updates.

I can’t wait to see what other engines they are going to be supporting, I always like the idea of having another feed in the environment. Nothing is %100 and its always best to spread out over as much as you can.

Now you can have a the new Suricata engine running the emerging threats rule set and your all set for taking on the latest and greatest coming out of the Open Information Security Foundation.

Enjoy!

]]> http://itknowledgeexchange.techtarget.com/Irregular-Expressions/professional-ids-rules/feed/ 0 Suricata 1.0 release http://itknowledgeexchange.techtarget.com/Irregular-Expressions/suricata-10-release/ http://itknowledgeexchange.techtarget.com/Irregular-Expressions/suricata-10-release/#comments Fri, 02 Jul 2010 17:39:44 +0000 Dan O'Connor http://itknowledgeexchange.techtarget.com/Irregular-Expressions/suricata-10-release/ The 1.0 release of the Suricata IPS/IDS has been released, you can get it here.

http://www.openinfosecfoundation.org/index.php/download-suricata

]]> http://itknowledgeexchange.techtarget.com/Irregular-Expressions/suricata-10-release/feed/ 0 Next generation IDS/IPS engine http://itknowledgeexchange.techtarget.com/Irregular-Expressions/next-generation-idsips-engine/ http://itknowledgeexchange.techtarget.com/Irregular-Expressions/next-generation-idsips-engine/#comments Tue, 09 Feb 2010 13:24:59 +0000 Dan O'Connor http://itknowledgeexchange.techtarget.com/Irregular-Expressions/?p=30 Suricata

http://www.openinfosecfoundation.org

I have been following this since there was first talk of creating a new engine.  They have released version 0.80.

The engine is to load the current Snort rule sets and VRT rule sets out of the box!

Once I complete my exam this week I will have some extra time and will provide install instructions for FreeBSD.

The list of what they have added is extensive. (A the list to come is pretty long) There is more features on the way, listed in the official documentation.

Multi-Threading

Automatic Protocol Detection
- IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB.

Gzip Decompression

Independent HTP Library
- A total independant HTP libary that is also released under the GPLv2.

Standard Input Methods
- You can use NFQueue, IPFRing, and the standard LibPcap to capture traffic.

Unified2 Output
- You can use your standard output tools and methods with the new engine, 100% compatible!

Flow Variables
- It’s possible to capture information out of a stream and save that in a variable which can then be matched again later.

Fast IP Matching
- The engine will automatically take rules that are IP matches only (such as the RBN and compromised IP lists at Emerging Threats) and put them into a special fast matching preprocessor.

HTTP Log Module
- All HTTP requests can be automatically output into an apache-style log format file. Very useful for monitoring and logging activity completely independent of rulesets and matching. Should you need to do so you could use the engine only as an HTTP logging sniffer.

(Source http://www.openinfosecfoundation.org/)

]]> http://itknowledgeexchange.techtarget.com/Irregular-Expressions/next-generation-idsips-engine/feed/ 0