Snort
3.6.2.0
26 Jan 10:45

Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity, finds packets that match those rules, and generates alerts for users. Snort can also be deployed inline to stop these packets. Snort has three primary uses: as a packet sniffer like tcpdump, as a packet logger (which is useful for network traffic debugging), or it can be used as a full-blown network intrusion pr
Major feature:
Appid: adding thresholds to brute-force detection.
Appid: optimised appid logs and trace.
Cmake: modification to search custom jemalloc first.
Data_bus: publisher registration data races.
Data_bus: remove unsubscribe methods.
Doc: stylize dependency names in README.md.
File_api: add pending expire time reset for FileInfo.
Flow: use timeout set on flow rather than using configured timeout.
Hyperscan: delog tsan
Ips: add access to Event references.
Ips_options: ips_content.cc given width and endian parameters for simpler multi-byte char matches.
Ips: update pcre to pcre2.
Js_norm: add stoi out of range exception handling.
Main: support an instance ID dump per-thread.
Pcap: filter Geneve encapsulated packets using inner headers.
Pub_sub: implemented header definitions for shadow traffic aggregator.
Ssl: added length check for cert data processing.
Stream_tcp: evaluate flush policy on asymmetric connections when the connection or the tcp session is cleared.
Stream_tcp: initialize 3whs normalizer for peer tracker separately.
Tcp_pdu: rename to tlv_pdu.
Utils: add new header/wrapper for pcre2 code unit width.