Suricata v1.3.1 Released

Suricata is a rule-based intrusion detection and prevention (IDS/IPS) engine that uses externally developed rule sets to monitor network traffic and alert the system administrator when suspicious events occur. Designed to be compatible with existing network security components, Suricata features unified output functionality and pluggable library options to accept calls from other applications.

Changelog v1.3.1

Improvements

  • AF_PACKET performance improvements
  • Defrag engine performance improvements
  • HTTP: add per server options to enable/disable double decoding of URI (#464, #504)

Fixes

  • Stream engine packet handling for packets with non-standard flag combinations (#508)
  • Improved stream engine handling of packet loss (#523)
  • Stream engine checksum alerting fixed
  • Various rule analyzer fixes (#495, #496, #497)
  • (Rule) profiling fixed and improved (#460, #466)
  • Enforce limit on max-pending-packets (#510)
  • fast_pattern on negated content improved
  • TLS rule keyword parsing issues
  • Windows build fixes (#502)
  • Host OS parsing issues fixed (#499)
  • Reject signatures where content length is bigger than “depth” setting (#505)
  • Removed unused “prune-flows” option
  • Set main thread and live reload thread names (#498)

http://www.openinfosecfoundation.org

MaxiSoler

www.artssec.com @maxisoler