Snort 3.1.82.0 15 Mar 10:05
Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity, uses those rules to find packets that match against them, and generates alerts for users. Snort can also be deployed inline to stop these packets. Snort has three primary uses: as a packet sniffer like tcpdump, as a packet logger, which is useful for network traffic debugging, or it can be used as a full-blown network intrusion pr
major feature:
Appid: broadcast commands with ctrlcon.
Appid: change eve pattern matching logic.
Appid: replaced warning log with logging api for CBD.
File_api: do not clear the file capture and user file data pointers when updating the verdict from the cache.
Filters: updated dyn array with vector.
Flow: updated flow_data linklist with STL container.
Framework: validate parameter of number type in a string form.
Kaizen: rename to Snort ML.
Main: clear lua stack when registering commands in a shell.
Main: reset main-thread stats from the main thread.
Main: update limits help.
Packet_capture: add packet capturing per tenant.
Sfip: remove references to unused mode feature.
Sfip: zero out var/node pointers after operations to remedy heap-use-after-free on reload.
Smb: for improper session cache destruction in tterm during config reload.
Snort2lua: change deprecated use of ptr_fn to lambda.
Stats: timing stats.
Stats: perf improvement changes.
Stream: remove splitter from session before inspectors.
Stream_tcp: add reasons for drops due to trims.
Stream_tcp: implement support for proxy mode normalization behavior.
Stream_tcp: update documentation for stream TCP alerts to include the new 129:21 and 129:22 alerts.
Trace: add tenants logging.