Suricata is not intended to just replace or emulate the existing tools in the industry, but it will also bring new ideas and technologies to the field.
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata.
The HTP library is required by the engine, but may also be used independently in a range of applications and tools.
How to install and run: Unarchive, open a Terminal window, go to Suricata's folder and run the following commands from the command line:
./configure
make
sudo make install
suricata
Requirements:
· LibYAML
· PCRE
· Apple Xcode
What's New in This Release: [ read full changelog ]
New features:
· GeoIP keyword, allowing matching on Maxmind’s database, contributed by Ignacio Sanchez (#559)
· Introduce http_host and http_raw_host keywords (#733, #743)
· Add python module for interacting with unix socket (#767)
· Add new unix socket commands: fetching config, counters, basic runtime info (#764, #765)
Improvements:
· Big Napatech support update by Matt Keeler
· Configurable sensor id in unified2 output, contributed by Jake Gionet (#667)
· FreeBSD IPFW fixes by Nikolay Denev
· Add “default” interface setting to capture configuration in yaml (#679)
· Make sure “snaplen” can be set by the user (#680)
· Improve HTTP URI query string normalization (#739)
· Improved error reporting in MD5 loading (#693)
· Improve reference.config parser error reporting (#737)
· Improve build info output to include all configure options (#738)
Fixes:
· Segfault in TLS parsing reported by Charles Smutz (#725)
· Fix crash in teredo decoding, reported by Rmkm...
Find us on Google+
