Because the Snort 3 API has changed in this version, anyone using the LightSPD package will need to use the latest release (posted yesterday, October 28, 2021).

- appid: detect client based on longest matching user agent pattern
- appid: update the name of the lua API function that adds process name to client app mappings
- build: fix in CodeCoverage.cmake to generate *.gcda *.o files as needed by gcov
- dce_smb: optimize handling pruning of flows in stress environment
- decompress, http_inspect: add support for processing ole files and for vba_data ips option
- doc: add punctuation to builtin stubs, fix formatting
- doc: builtin rule documentation updates
- http2_inspect: partial header with priority flag set
- http_inspect: add automatic semicolon insertion
- http_inspect: document built-in alerts
- http_inspect: hardening
- http_inspect, ips_option: decouple the vba_data ips option from http_inspect and add the trace debug option to vba_data
- policy: update policy clone code to avoid corrupting active configuration
- protocols: prevent infinite loop over tcp options
- rna: call set_smb_fp_processor function in reload tuner
- rna: do not do service discovery for future flows

Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Stay up to date to catch the newest emerging threats.