Suricata 1.3, the latest version of Suricata, has been released. Suricata is an IDS/IPS engine built by the Open Information Security Foundation (OISF), a non-profit foundation funded by the US Department of Homeland Security (DHS) and several private companies.
Suricata can load the standard Snort VRT, Emerging Threats or the Emerging Threats Pro rulesets, and can be managed using BASE and Squil.
Key improvements and new features in this version are:
- TLS/SSL handshake parser and rule keywords for detecting anomolies in TLS/SSL traffic
- HTTP user agent keyword for matching directly on User-Agent header
- On the fly MD5 calculation and matching for files in HTTP streams
- Napatech support added
- Endace support improved
- New runmode for users of pcap wrappers (Myricom, PF_RING, others)