
Snort 3 beta available now!

  • 120 min read
  • 2018-09-10 03:29:32


On 29th August 2018, the Snort team released the fourth alpha of the next-generation Snort IPS, Snort 3, as a beta version. Along with all the Snort 2.X features, this version of Snort++ includes new features as well as bug fixes for the base version of Snort.

Here are some key features of Snort++:

  • Support provided for multiple packet processing threads
  • Shared configuration and attribute table available
  • Simple, scriptable configuration
  • Key components are now pluggable
  • Autodetect services for portless configuration
  • Support for sticky buffers in rules
  • Autogenerate reference documentation
  • Provide better cross-platform support
  • Facilitate component testing
  • Support pipelining of packet processing, hardware offload and data plane integration, and proxy mode


Below is a brief summary of these upgrades:

Easy Configuration


LuaJIT is used for configuration, with a consistent and executable syntax.

Better Detection of Services


The team has worked closely with Cisco Talos to update rules to meet their needs, including a feature they call "sticky buffers." The Hyperscan search engine and regex fast patterns make rules faster and more accurate.

HTTP Support


Snort 3 has a stateful HTTP inspector that handles 99 percent of the HTTP Evader cases. The aim is to achieve 100% coverage soon. The HTTP support also includes new rule options.

Better Performance


Deep packet inspection now performs better. Snort 3 supports multiple packet-processing threads and scales linearly, with a much smaller amount of memory required for shared configs.

JSON event logging


This can be used to integrate with tools such as the Elastic Stack. Check out the Snort blog post for more details on the same.
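As an added illustration (not code from the Snort project or the original article), the sketch below turns JSON alert lines into an Elasticsearch `_bulk` payload. The field names (`timestamp`, `gid`, `sid`, `rev`) and the year-less `MM/DD-HH:MM:SS.usec` timestamp are assumptions about the JSON logger's output; the sample lines, the index name `snort-alerts`, and the UTC/year defaults are constructed for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample input: two valid alerts, one non-JSON line, one alert missing "sid".
SAMPLE = """\
{"timestamp": "08/29-14:03:11.482913", "proto": "TCP", "src_addr": "192.0.2.10", "src_port": 51514, "dst_addr": "198.51.100.7", "dst_port": 80, "gid": 1, "sid": 1000001, "rev": 1, "msg": "constructed test rule A"}
this line is log noise, not JSON
{"timestamp": "08/29-14:03:12.000001", "proto": "UDP", "gid": 1, "rev": 2, "msg": "alert missing its sid"}
{"timestamp": "08/29-14:03:15.250000", "proto": "TCP", "src_addr": "192.0.2.44", "src_port": 40022, "dst_addr": "198.51.100.7", "dst_port": 443, "gid": 1, "sid": 1000002, "rev": 3, "msg": "constructed test rule B"}
"""


def parse_ts(ts, year):
    """Convert a year-less timestamp to ISO 8601 (assumption: sensor clock is UTC)."""
    dt = datetime.strptime(f"{year}/{ts}", "%Y/%m/%d-%H:%M:%S.%f")
    return dt.replace(tzinfo=timezone.utc).isoformat()


def to_bulk(lines, index="snort-alerts", year=2018):
    """Return (bulk_ndjson, rejected_lines) for an iterable of alert lines."""
    out, rejected = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            doc = {
                "@timestamp": parse_ts(ev["timestamp"], year),
                # gid:sid:rev uniquely identifies the rule revision that fired
                "rule_id": f'{ev["gid"]}:{ev["sid"]}:{ev["rev"]}',
                "snort": ev,  # keep the original event for later pivoting
            }
        except (ValueError, KeyError, TypeError):
            # Bad JSON, bad timestamp, or missing field: set aside, never drop silently.
            rejected.append(line)
            continue
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(doc))
    return ("\n".join(out) + "\n" if out else ""), rejected


if __name__ == "__main__":
    bulk, bad = to_bulk(SAMPLE.splitlines())
    print(bulk, end="")
    print(f"rejected {len(bad)} line(s)")
```

Rejected lines are returned rather than discarded so that truncated or malformed sensor output shows up as a countable signal in the pipeline.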

More Plugins!


Snort 3 was designed to be extensible. It has over 225 plugins of various types. It is easy for users to add their own codec, inspector, rule action, rule option, or logger.

In addition to all these features, users can also watch out for additional upgrades such as next-generation DAQ, connection events, and search engine acceleration, among others. To know more about the release of Snort 3, head over to Snort’s official page.
