After two years of development, OISF (the Open Information Security Foundation) has released Suricata 8.0, a network intrusion detection and prevention system capable of inspecting many kinds of traffic. Suricata can be configured to use the signature base developed by the Snort project as well as the Emerging Threats and Emerging Threats Pro rule sets. The project's source code is distributed under the GPLv2 license.
The main changes:
- An experimental firewall mode has been added. In this mode Suricata filters network packets using a dialect of its rule language.
- Lua scripting has been reworked. The code base now bundles a Lua 5.4 interpreter that runs in a sandbox restricting what Lua code may do; for example, scripts invoked from rules cannot write to files or create network sockets.
- Plugins providing protocol parsers, detection components and loggers can now be registered dynamically, while the engine is running.
- Significant performance optimizations were made, speeding up protocol and anomaly detection, rule loading and initialization, among other things. The gains come from better branch prediction, optimized hash functions, larger buffers for loading PCAP data, and improved handling of flow synchronization. Startup time was also reduced through caching, extended port grouping and an improved IP address matching algorithm.
- The libhtp HTTP library, the FTP and ENIP handlers, the MIME type parsing code, the byte_extract operations and base64 decoding were rewritten in Rust.
- Added support for DoH (DNS over HTTPS), LDAP, mDNS (multicast DNS) and WebSocket.
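As an illustration of the sandboxed Lua rule scripting mentioned above, here is an added example (not code from the Suricata project or from the article) of a detection script in the `init`/`match` form that Suricata's `lua` rule keyword loads. It requests the packet payload and flags a base64-encoded PE executable, since `TVqQ` is the base64 encoding of the bytes `MZ\x90` that open a DOS/PE header. The rule line, the `sid`, the file name `b64_pe.lua` and the `security.lua.allow-rules` setting are assumptions to be checked against the `suricata.yaml` and documentation shipped with 8.0; Lua rules are disabled by default, and the script deliberately uses nothing outside the string library, so the sandbox restriction on file and socket access described above does not affect it.

```lua
-- Added example, not Suricata project code. Lua match script for a rule such as
-- (assumed rule, sid chosen for the example):
--   alert tcp any any -> any any (msg:"Base64-encoded PE in payload"; \
--       lua:b64_pe.lua; sid:1000001; rev:1;)
-- Assumed setup: security.lua.allow-rules must be enabled in suricata.yaml,
-- since Lua rules are off by default. The default sandbox leaves io, os and
-- similar libraries unavailable, which this script does not need.

-- Tell Suricata which data the match function needs: here the packet payload.
function init(args)
    local needs = {}
    needs["payload"] = tostring(true)
    return needs
end

-- Suricata passes the requested buffers in `args`; return 1 on match, else 0.
function match(args)
    local payload = args["payload"]
    if payload == nil then
        return 0
    end
    return has_base64_pe(payload)
end

-- Scan for runs of base64 characters and check whether any run starts with the
-- PE header prefix. Only runs of at least `min_len` characters count, which
-- keeps a short incidental token such as "TVqQ" inside a URL from matching.
function has_base64_pe(buf, min_len)
    min_len = min_len or 64
    for run in buf:gmatch("[A-Za-z0-9+/]+=?=?") do
        if #run >= min_len and run:sub(1, 4) == "TVqQ" then
            return 1
        end
    end
    return 0
end

-- Stand-alone self-check on constructed sample payloads. The global `arg` is
-- set by the command-line lua interpreter, not by Suricata, so this block does
-- not run inside the engine.
if arg then
    local clean = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    local pe = "POST /up HTTP/1.1\r\n\r\nfile="
        .. "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAA"
        .. string.rep("A", 32)
    assert(has_base64_pe(clean) == 0)
    assert(has_base64_pe(pe) == 1)
    print("ok")
end
```

Running `lua b64_pe.lua` from a shell exercises the self-check; under Suricata only `init` and `match` are called, once per packet for which the rule's other conditions hold, so keep the per-call work (here a single `gmatch` pass over the payload) bounded.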