Emerging Threats

  • Increase font size
  • Default font size
  • Decrease font size

Emerging Threats Announces Call for Developers to Create New and Improved Rule Set

Monday, 21 June 2010 12:26 Matt Jonkman

Emerging Threats today announces an open call for developers to assist in creating QA, load testing, backend management, and execute rule porting activities to support a professional-grade IDS ruleset for multiple IDS engines and platforms.

With this call for developers, Emerging Threats seeks to further engage and employ both existing and new members of the open-source security community.

The Suricata engine is a significant supported platform in addition to Snort and others. With advanced features such as a multi-threaded design and IP reputation, Suricata unlocks the potential for a more advanced ruleset than was previously possible.   

With the speed of malware creation rapidly advancing, Emerging Threats plans to create additional research and intelligence resources to advance rulesets and policies.  This will allow Emerging Threats to continue to provide individuals and companies with the advanced protection they have come to expect from the open community.

Emerging Threats is an open source community project that produces the fastest and most diverse IDS signature set available today, through the contributions and support of its community.

Successful candidates should be familiar with the snort rule syntax, Suricata, malware trends and command and control methods, vulnerability concepts, and a deep understanding of network protocols.

If you are interested in participating in this initiative, please contact Matt Jonkman at This e-mail address is being protected from spambots. You need JavaScript enabled to view it or This e-mail address is being protected from spambots. You need JavaScript enabled to view it

 

Complete announcement here:

http://www.emergingthreats.net/6.21.10_ET_CallforDevelopers.pdf

Last Updated ( Monday, 21 June 2010 12:32 )
 

Snorby 1.4 Available!

Friday, 18 June 2010 08:25 Matt Jonkman

From the Snorby guys:

 

I'm pleased to announce the new release of the new (SPSA) Snorby Preconfigured Security Applications version 1.4.

Snorby preconfigured security applications make effortless for anyone to use Snorby, the new and modern Snort IDS front-end. With (SPSA) Snorby Preconfigured Security Applications, it is possible to get Snorby and Snort up and running out of the box within a few minutes.

(SPSA) Snorby Preconfigured Security Applications web page

http://www.cryptolife.org/index.php/Spsa

 

[*] Improvements and fixes

* Snort 2.8.6 added

* Apache2-ssl support added ( https://ipaddress:8080 )

* Crontab issue fixed

* Webmin removed

* Shellinabox removed

* Turnkey linux configuration console modified

* Snorby installation moved to /var/Snorby

 

Enjoy, Phillip

 

-- (SPSA) Snorby Preconfigured Security Applications http://www.cryptolife.org/index.php/Spsa

 

 

Suricata 0.9.1 RC2 Available!

Wednesday, 26 May 2010 11:18 Matt Jonkman
The OISF development team is proud to introduce the second release candidate release of Suricata, the Open Source Intrusion Detection and Prevention engine. We're working towards our first stable release, currently schedules for July 1st 2010.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-0.9.1.tar.gz

New features

- support for the asn1 keyword added
- support for reading of ERF files added
- basic rule profiling functionality added
- ssl2/ssl3 app layer support added
- detection engine was made partly stateful

Improvements

- multiple regressions in the detection engine causing false negatives were fixed
- many accuracy and stability improvements were made
- icmp handling in the flow engine was improved

Known issues & missing features

We have made significant progress towards reaching our first full (non-beta) release of Suricata.  Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete.  With this in mind, please notice the list we have included of known items we are working on.

- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent time stamps in http log file due to handling & updating of the http state.
- DCE/RPC over udp is not currently supported.
- dce_stub_data does not respect relative modifiers.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- signatures using the uricontent keyword might generate multiple alerts for the same event

See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues.

 
More Articles...
  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  3 
  •  4 
  •  5 
  •  6 
  •  7 
  •  8 
  •  9 
  •  10 
  •  Next 
  •  End 
  • »
Page 1 of 66