OISF (Open Information Security Foundation) has published Suricata 5.0, a network intrusion detection and prevention system with inspection engines for many protocols. Suricata can run rule sets written for Snort as well as the Emerging Threats and Emerging Threats Pro rule sets. The project's source code is distributed under the GPLv2 license.
Some of the major changes:
- New protocol parsers and loggers for RDP, SNMP and SIP, written in Rust;
- Alongside JA3 fingerprinting of the TLS client side of the handshake, introduced in the previous release, JA3S fingerprinting of the server side is added. Both hash the parameters offered or chosen during connection negotiation (TLS version, cipher suites, extensions and related fields), which makes it possible to identify the software that established the connection, for example to detect Tor and other common applications;
- An experimental facility for matching against large data sets, implemented with the new dataset and datarep rule keywords, has been added. It is intended, for example, for matching against block lists with millions of entries;
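To make the JA3/JA3S point concrete, here is an added example (not code from Suricata or OISF, which compute these values inside the engine's TLS parser) that computes both fingerprints in Python from constructed TLS handshake messages. It assumes the input is the Handshake message (ClientHello or ServerHello) with the TLS record header already stripped, follows the public JA3 definition (decimal field values joined by "-", fields joined by ",", GREASE values dropped, MD5 of the string), and the sample messages, cipher lists and host name are constructed for this example.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3/JA3S fingerprints.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def _u16s(data):
    """Decode a byte string as a list of big-endian 16-bit values."""
    return [struct.unpack(">H", data[i:i + 2])[0] for i in range(0, len(data), 2)]


def _parse_extensions(buf):
    """Return [(extension_type, extension_data), ...] in wire order."""
    exts = []
    while buf:
        etype, elen = struct.unpack(">HH", buf[:4])
        exts.append((etype, buf[4:4 + elen]))
        buf = buf[4 + elen:]
    return exts


def _parse_hello(msg, expected_type):
    """Split a ClientHello (type 1) or ServerHello (type 2) into version, ciphers, extensions."""
    if msg[0] != expected_type:
        raise ValueError("unexpected handshake type %d" % msg[0])
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    version = struct.unpack(">H", body[:2])[0]
    pos = 2 + 32                      # skip the 32-byte random
    pos += 1 + body[pos]              # skip session_id (length-prefixed)
    if expected_type == 1:
        cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        ciphers = _u16s(body[pos:pos + cs_len])
        pos += cs_len
        pos += 1 + body[pos]          # skip compression methods list
    else:
        ciphers = [struct.unpack(">H", body[pos:pos + 2])[0]]
        pos += 2 + 1                  # single cipher suite + compression method
    exts = []
    if pos < len(body):
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]
        exts = _parse_extensions(body[pos + 2:pos + 2 + ext_len])
    return version, ciphers, exts


def _join(values):
    return "-".join(str(v) for v in values if v not in GREASE)


def ja3(client_hello):
    """Return (ja3_string, ja3_md5) for a ClientHello handshake message."""
    version, ciphers, exts = _parse_hello(client_hello, 1)
    groups, formats = [], []
    for etype, data in exts:
        if etype == 10:               # supported_groups: 2-byte length + 2-byte entries
            groups = _u16s(data[2:])
        elif etype == 11:             # ec_point_formats: 1-byte length + 1-byte entries
            formats = list(data[1:])
    s = ",".join([str(version), _join(ciphers), _join(e for e, _ in exts),
                  _join(groups), _join(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


def ja3s(server_hello):
    """Return (ja3s_string, ja3s_md5) for a ServerHello handshake message."""
    version, ciphers, exts = _parse_hello(server_hello, 2)
    s = ",".join([str(version), str(ciphers[0]), _join(e for e, _ in exts)])
    return s, hashlib.md5(s.encode()).hexdigest()


# --- constructed sample messages (not captured traffic) ---------------------
def _ext(etype, data):
    return struct.pack(">HH", etype, len(data)) + data


def _handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def build_client_hello():
    ciphers = [0x1a1a, 0x1301, 0x1302, 0xc02b, 0xc02f]       # leading GREASE suite
    name = b"example.test"
    groups = [0x1a1a, 29, 23, 24]                           # leading GREASE group
    exts = (_ext(0x0a0a, b"")                               # GREASE extension
            + _ext(0, struct.pack(">HBH", len(name) + 3, 0, len(name)) + name)
            + _ext(10, struct.pack(">H", 2 * len(groups)) + b"".join(struct.pack(">H", g) for g in groups))
            + _ext(11, bytes([1, 0]))
            + _ext(13, b"\x00\x02\x04\x03")
            + _ext(43, b"\x04\x03\x04\x03\x03"))
    body = (struct.pack(">H", 0x0303) + b"\x00" * 32 + b"\x00"
            + struct.pack(">H", 2 * len(ciphers)) + b"".join(struct.pack(">H", c) for c in ciphers)
            + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)
    return _handshake(1, body)


def build_server_hello():
    exts = _ext(43, b"\x03\x04") + _ext(51, b"\x00\x1d\x00\x01\x00")
    body = (struct.pack(">H", 0x0303) + b"\x00" * 32 + b"\x00"
            + struct.pack(">H", 0x1301) + b"\x00" + struct.pack(">H", len(exts)) + exts)
    return _handshake(2, body)


if __name__ == "__main__":
    print("JA3 :", *ja3(build_client_hello()))
    print("JA3S:", *ja3s(build_server_hello()))
```

The GREASE entries in the sample are there deliberately: browsers randomise them per connection, so a fingerprint that kept them would never be stable. In Suricata the same values are produced by the engine once `ja3-fingerprints` is enabled under the TLS app-layer settings in suricata.yaml, and are available for matching through the ja3 and ja3s rule keywords and in the EVE TLS log.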
More information is available on the official website.