Emergingthreats

Emerging Threats - Signatures for All!

NVIDIA Partners with the OISF

Thu, 09/09/2010 - 14:41

The OISF is proud to announce that NVIDIA has joined the foundation as a technology partner to help develop and enhance CUDA GPU-based acceleration within Suricata. This exciting development gives the foundation access to, and assistance from, NVIDIA engineers and designers to bring you Suricata IDS/IPS GPU acceleration on standard hardware.

Watch for new developments with GPU acceleration to hit the streets very soon! 


Emerging Threats Announces Call for Developers to Create New and Improved Rule Set

Mon, 06/21/2010 - 18:26

Emerging Threats today announces an open call for developers to assist with QA, load testing, backend management, and rule porting in support of a professional-grade IDS ruleset for multiple IDS engines and platforms.

With this call for developers, Emerging Threats seeks to further engage and employ both existing and new members of the open-source security community.

The Suricata engine is a significant supported platform in addition to Snort and others. With advanced features such as a multi-threaded design and IP reputation, Suricata unlocks the potential for a more advanced ruleset than was previously possible.

With the speed of malware creation rapidly advancing, Emerging Threats plans to create additional research and intelligence resources to advance rulesets and policies. This will allow Emerging Threats to continue to provide individuals and companies with the advanced protection they have come to expect from the open community.

Emerging Threats is an open source community project that produces the fastest and most diverse IDS signature set available today, through the contributions and support of its community.

Successful candidates should be familiar with the Snort rule syntax, Suricata, malware trends and command-and-control methods, and vulnerability concepts, and should have a deep understanding of network protocols.

If you are interested in participating in this initiative, please contact Matt Jonkman at jonkman@emergingthreats.net or threats@emergingthreats.net.


Complete announcement here:

http://www.emergingthreats.net/6.21.10_ET_CallforDevelopers.pdf

Snorby 1.4 Available!

Fri, 06/18/2010 - 14:25

From the Snorby guys:


I'm pleased to announce the new release of the new (SPSA) Snorby Preconfigured Security Applications version 1.4.

Snorby Preconfigured Security Applications make it effortless for anyone to use Snorby, the new and modern Snort IDS front-end. With (SPSA) Snorby Preconfigured Security Applications, it is possible to get Snorby and Snort up and running out of the box within a few minutes.

(SPSA) Snorby Preconfigured Security Applications web page

http://www.cryptolife.org/index.php/Spsa


[*] Improvements and fixes

* Snort 2.8.6 added

* Apache2-ssl support added ( https://ipaddress:8080 )

* Crontab issue fixed

* Webmin removed

* Shellinabox removed

* Turnkey linux configuration console modified

* Snorby installation moved to /var/Snorby


Enjoy, Phillip


-- (SPSA) Snorby Preconfigured Security Applications http://www.cryptolife.org/index.php/Spsa


Suricata 0.9.1 RC2 Available!

Wed, 05/26/2010 - 17:18

The OISF development team is proud to introduce the second release candidate of Suricata, the Open Source Intrusion Detection and Prevention engine. We're working towards our first stable release, currently scheduled for July 1st 2010.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-0.9.1.tar.gz

New features

- support for the asn1 keyword added
- support for reading of ERF files added
- basic rule profiling functionality added
- ssl2/ssl3 app layer support added
- detection engine was made partly stateful

Improvements

- multiple regressions in the detection engine causing false negatives were fixed
- many accuracy and stability improvements were made
- icmp handling in the flow engine was improved

Known issues & missing features

We have made significant progress towards reaching our first full (non-beta) release of Suricata. Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and of items within the engine that are not yet complete. With this in mind, please note the following list of known items we are working on.

- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent time stamps in the http log file due to handling and updating of the http state.
- DCE/RPC over UDP is not currently supported.
- dce_stub_data does not respect relative modifiers.
- The engine does not work properly on big-endian platforms.
- Time-based stats are not calculated correctly.
- Signatures using the uricontent keyword might generate multiple alerts for the same event.

See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues.
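The known-issues list above is the kind of thing a rule maintainer wants to check mechanically before loading a ruleset into this release candidate, so the rules that hit a known gap can be set aside or tested separately. As an added example (not OISF or Emerging Threats code), here is a small Python linter that parses Snort-syntax rules and flags three of the listed items: the dce option on byte_test/byte_jump, relative modifiers (distance, within, or relative on byte_test/byte_jump) following dce_stub_data, and use of uricontent. The sample rules, the issue labels and the helper names are constructed for this example and are not from any real ruleset.

```python
"""Flag Snort-syntax rules that touch known-issue areas of Suricata 0.9.1 RC2.

Hypothetical helper written for this page; the three checks mirror items from
the release notes' known-issues list. Sample rules below are constructed.
"""
import re

# Constructed sample rules (sids in the local 1000000+ range, not from any ruleset).
SAMPLE_RULES = [
    'alert tcp any any -> any 445 (msg:"byte_test with dce"; content:"|05 00|"; '
    'byte_test:2,>,0,0,relative,dce; sid:1000001; rev:1;)',
    'alert tcp any any -> any 135 (msg:"stub data relative"; dce_stub_data; '
    'content:"|00 01|"; within:4; sid:1000002; rev:1;)',
    'alert tcp any any -> any 80 (msg:"uri match"; uricontent:"/admin;x"; '
    'nocase; sid:1000003; rev:1;)',
    'alert udp any any -> any 138 (msg:"clean rule"; content:"abc"; depth:3; '
    'sid:1000004; rev:1;)',
]

# action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')


def split_options(body):
    """Split the option body on ';', honouring double quotes and backslash escapes
    so a ';' inside a content/uricontent string does not end the option."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == '\\':
            cur.append(ch)
            escaped = True
        elif ch == '"':
            cur.append(ch)
            in_quote = not in_quote
        elif ch == ';' and not in_quote:
            opts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = ''.join(cur).strip()
    if tail:
        opts.append(tail)
    return [o for o in opts if o]


def parse_rule(rule):
    """Return the rule's options as an ordered list of (name, value) pairs."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError('not a rule: %r' % rule)
    pairs = []
    for opt in split_options(m.group(8)):
        name, _, value = opt.partition(':')
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_rule(rule):
    """Return the known-issue labels the rule touches; an empty list means none."""
    issues = []
    after_stub_data = False  # True once dce_stub_data has been seen in this rule
    for name, value in parse_rule(rule):
        mods = [v.strip().lower() for v in value.split(',')]
        if name in ('byte_test', 'byte_jump') and 'dce' in mods:
            issues.append('dce option for %s unsupported' % name)
        if name == 'dce_stub_data':
            after_stub_data = True
        elif after_stub_data and (
                name in ('distance', 'within')
                or (name in ('byte_test', 'byte_jump') and 'relative' in mods)):
            issues.append('relative modifier after dce_stub_data not respected')
            after_stub_data = False  # report once per rule
        if name == 'uricontent':
            issues.append('uricontent may generate duplicate alerts')
    return issues


def audit(rules):
    """Map sid -> issue labels for every rule that touches a known issue."""
    report = {}
    for rule in rules:
        issues = check_rule(rule)
        if issues:
            sid = dict(parse_rule(rule)).get('sid', '?')
            report[sid] = issues
    return report


if __name__ == '__main__':
    for sid, issues in sorted(audit(SAMPLE_RULES).items()):
        print('sid %s: %s' % (sid, '; '.join(issues)))
```

Run it against a real .rules file by reading one rule per line into audit(); rules that come back flagged are the ones to keep an eye on (or exclude) until the corresponding known issue is closed in the tracker linked above.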