Suricata 2.0




Version 2.0 of Suricata has been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS) and network security monitoring engine. It monitors network traffic and raises an alert when it detects something suspicious. Development is overseen by the Open Information Security Foundation, with the help of the community and various vendors. The main change in version 2.0 is Eve, a fully JSON-based logging system. Eve output can be fed to tools such as Logstash (and Kibana) to present the information graphically. The complete changelog for version 2.0 can be found below.

Notable new features, improvements and changes

Eve log, all-JSON output for event alerts, HTTP, DNS, SSH, TLS and files. Written by Tom Decanio of nPulse Technologies
NSM runmode, in which the detection engine is disabled. Development supported by nPulse Technologies
Various scalability improvements, clean-ups and fixes by Ken Steel of Tilera
Added the --set command line option to override any YAML option, by Jason Ish of Emulex
Several fixes and improvements for AF_PACKET and PF_RING
ICMPv6 handling improvements by Jason Ish of Emulex
Alerting on the PCIe bus (Tilera only), by Ken Steel of Tilera
Feature #792: DNS parser, logger and keyword support, funded by Emerging Threats
Feature #234: add option to disable/enable individual application-layer protocol inspection modules
Feature #417: IP fragmentation timeout option in the YAML configuration
Feature #1009: YAML file inclusion support
Feature #478: XFF (X-Forwarded-For) support in Unified2
Feature #602: http.log output option identical to the Apache log format
Feature #813: Flow VLAN support
Feature #901: VLAN support in defrag
Features #814, #953, #1102: QinQ VLAN handling
Feature #751: Add invalid packet counter
Feature #944: Detect NIC offloading
Feature #956: Implement IPv6 reject
Feature #775: libhtp 0.5.x support
Feature #470: Deflate support for HTTP response bodies
Feature #593: Lua flowvars and flowints support
Feature #983: Provide support for rules specifying ICMPv4 and ICMPv6
Feature #1008: Optionally have the http_uri buffer start with the URI path, for use in proxied environments
Feature #1032: profiling: per-keyword stats
Feature #878: add storage API

Logstash/Kibana fed with information from Suricata via JSON output
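The Eve log described above writes one JSON object per line, each carrying a timestamp, the 5-tuple, an event_type field and a sub-object named after that type (alert, dns, http, tls, ...). This is what makes it easy to consume outside Suricata, whether by Logstash or by a few lines of your own. The following is an added example, not code from the Suricata project or the original page: it reads a constructed eve.json fragment, skips malformed lines rather than aborting on them (a real log file can be truncated mid-write), tallies events and alerts, and pulls the HTTP records that share an alert's endpoints, which is exactly the alert-plus-protocol-metadata correlation the NSM-style output is meant to enable. The sample records are constructed and use only the generic field names shown; the exact field set in a given Suricata build may differ.

```python
import json
from collections import Counter

# Constructed sample of EVE output (one JSON object per line, labelled as
# constructed data). The fourth line deliberately is not JSON, to exercise the
# malformed-line handling.
SAMPLE_EVE = r"""
{"timestamp":"2014-03-25T10:00:01.000000","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-03-25T10:00:02.000000","event_type":"dns","src_ip":"10.0.0.5","src_port":40001,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4321,"rrname":"example.com","rrtype":"A"}}
{"timestamp":"2014-03-25T10:00:03.000000","event_type":"http","src_ip":"10.0.0.5","src_port":51235,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/index.html","http_user_agent":"curl/7.35.0","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":1234}}
this line is not JSON and must not abort the run
{"timestamp":"2014-03-25T10:00:04.000000","event_type":"alert","src_ip":"10.0.0.9","src_port":51300,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-03-25T10:00:05.000000","event_type":"tls","src_ip":"10.0.0.5","src_port":51236,"dest_ip":"203.0.113.4","dest_port":443,"proto":"TCP","tls":{"subject":"CN=example.org","issuerdn":"CN=Example CA","version":"TLSv1.2"}}
"""


def parse_eve(text):
    """Parse EVE lines; return (records, skipped_count).

    A line that is not valid JSON, or is JSON without an event_type, is
    counted and skipped instead of raising, so a truncated or partially
    written log does not stop processing.
    """
    records = []
    skipped = 0
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)          # JSONDecodeError is a ValueError
        except ValueError:
            skipped += 1
            continue
        if not isinstance(rec, dict) or "event_type" not in rec:
            skipped += 1
            continue
        records.append(rec)
    return records, skipped


def summarize(records):
    """Count records per event_type and alerts per (signature_id, src_ip)."""
    by_type = Counter(r["event_type"] for r in records)
    alerts = Counter()
    for r in records:
        if r["event_type"] == "alert":
            alerts[(r["alert"]["signature_id"], r["src_ip"])] += 1
    return by_type, alerts


def dns_queries(records):
    """Sorted, de-duplicated list of queried names from dns query records."""
    return sorted({r["dns"]["rrname"] for r in records
                   if r["event_type"] == "dns" and r["dns"].get("type") == "query"})


def http_context(records, alert):
    """HTTP records between the same two hosts as the given alert record.

    This is the simple correlation a unified JSON stream allows: the alert and
    the protocol metadata live in the same file with the same field names.
    """
    return [r for r in records
            if r["event_type"] == "http"
            and r["src_ip"] == alert["src_ip"]
            and r["dest_ip"] == alert["dest_ip"]]


if __name__ == "__main__":
    recs, bad = parse_eve(SAMPLE_EVE)
    types, alert_counts = summarize(recs)
    print("skipped lines:", bad)
    print("events per type:", dict(types))
    for (sid, src), n in alert_counts.items():
        print("sid %d from %s: %d alert(s)" % (sid, src, n))
    print("dns queries:", dns_queries(recs))
    for a in (r for r in recs if r["event_type"] == "alert"):
        for h in http_context(recs, a):
            print("alert at", a["timestamp"], "matches HTTP", h["http"]["http_method"], h["http"]["url"])
```

On a live system you would read `/var/log/suricata/eve.json` (the default location, an assumption) line by line in the same way; the per-line parsing is what makes tailing a growing file safe.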

