Bungwe la OISF (Open Information Security Foundation) kutulutsidwa kwa njira yodziwira kulowerera kwa netiweki ndi kupewa , yomwe imapereka njira yowunikira mitundu yosiyanasiyana yamayendedwe. M'makonzedwe a Suricata, ndizololedwa kugwiritsa ntchito , yopangidwa ndi polojekiti ya Snort, komanso malamulo ΠΈ . Project source kodi zololedwa pansi pa GPLv2.
Zosintha zazikulu:
- Tinayambitsa ma modules atsopano odulira mitengo ndi ma protocol
RDP, SNMP ndi SIP zolembedwa mu Rust. Kutha kulowa kudzera mu gawo laling'ono la EVE, lomwe limapereka zotsatira za zochitika mumtundu wa JSON, lawonjezeredwa ku gawo la FTP parsing; - Kuphatikiza pa kuthandizira njira yotsimikizika yamakasitomala a JA3 TLS yomwe idatulutsidwa m'mbuyomu, kuthandizira njirayo , kutengera tsatanetsatane wa zokambirana zamalumikizidwe ndi magawo omwe atchulidwa, dziwani kuti ndi pulogalamu iti yomwe imagwiritsidwa ntchito kukhazikitsa kulumikizana (mwachitsanzo, imakupatsani mwayi wodziwa kugwiritsa ntchito Tor ndi mapulogalamu ena wamba). JA3 imapangitsa kufotokozera makasitomala, ndi ma seva a JA3S. Zotsatira za kutsimikiza zingagwiritsidwe ntchito mu chinenero chokhazikitsa malamulo ndi m'zipika;
- Anawonjezera luso loyesera kuti agwirizane ndi zitsanzo zamagulu akuluakulu, ogwiritsidwa ntchito pogwiritsa ntchito ntchito zatsopano . Mwachitsanzo, mawonekedwewa amagwira ntchito posaka masks m'ndandanda wakuda ndi mamiliyoni ambiri;
- Mawonekedwe a HTTP amawunikira zonse zomwe zafotokozedwa mu test suite (mwachitsanzo, imakhudza njira zomwe zimagwiritsidwa ntchito kubisa zinthu zoipa zomwe zimachitika pamsewu);
- Zida zokulitsa ma module a dzimbiri zasunthidwa kuchoka ku zosankha kupita kuzinthu zofunikira. M'tsogolomu, akukonzekera kukulitsa kugwiritsa ntchito Rust mu code code ya polojekitiyi ndikusintha pang'onopang'ono ma modules ndi ma analogue opangidwa mu Rust;
- Injini yodziwikiratu ya protocol yasinthidwa molingana ndi kulondola komanso kusamalidwa kwamayendedwe asynchronous traffic;
- Thandizo lawonjezeredwa ku chipika cha EVE cha mtundu watsopano wa mbiri, "anomaly", yomwe imasunga zochitika zosaoneka bwino zomwe zimazindikirika pamene mapaketi asinthidwa. EVE adakulitsanso chiwonetsero chazidziwitso za ma VLAN ndi malo ojambulira magalimoto. Njira yowonjezeredwa kuti musunge mitu yonse ya HTTP mu zolemba za http za EVE;
- Othandizira okhazikitsidwa ndi eBPF amapereka chithandizo pamakina a hardware kuti apititse patsogolo kugwidwa kwa paketi. Kuthamanga kwa Hardware pakadali pano kumangokhala ma adapter network a Netronome, koma posachedwa adzawonekera pazida zina;
- Nambala yolembedwanso yojambulira magalimoto pogwiritsa ntchito Netmap framework. Adawonjezera kuthekera kogwiritsa ntchito zida zapamwamba za Netmap monga kusintha kosinthika ;
- kuthandizira pa chiwembu chatsopano cha mawu osakira a Sticky Buffers. Chiwembu chatsopanocho chikufotokozedwa mumtundu wa protocol.buffer, mwachitsanzo, kuti muwone URI, mawu ofunika adzakhala "http.uri" m'malo mwa "http_uri";
- Makhodi onse a Python omwe amagwiritsidwa ntchito amayesedwa kuti agwirizane nawo
Python3; - Thandizo la zomangamanga za Tilera, dns.log text log, ndi fayilo yakale-json.log log yathetsedwa.
Zotsatira za Suricata:
- Kugwiritsa Ntchito Fomu Yogwirizana Kuwonetsa Zotsatira Zotsimikizira , yomwe imagwiritsidwanso ntchito ndi polojekiti ya Snort, kulola kugwiritsa ntchito zida zowunikira monga . Kutha kuphatikiza ndi BASE, Snorby, Sguil ndi SQueRT. Kuthandizira kutulutsa mu mtundu wa PCAP;
- Thandizo lodziwikiratu ma protocol (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), zomwe zimakulolani kuti mugwiritse ntchito malamulo okha ndi mtundu wa protocol, osatchula nambala ya doko (mwachitsanzo. , kuletsa kuchuluka kwa HTTP padoko losakhala wamba) . Ma decoder a HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP ndi SSH protocol;
- Dongosolo lamphamvu lakusanthula magalimoto a HTTP lomwe limagwiritsa ntchito laibulale yapadera ya HTP yopangidwa ndi mlembi wa projekiti ya Mod_Security kuti awerenge ndikuwongolera kuchuluka kwa HTTP. Ma module akupezeka kuti asungire chipika chatsatanetsatane cha kusamutsidwa kwa HTTP, chipikacho chimasungidwa mumtundu wokhazikika
Apache. Kutulutsa ndi kutsimikizira mafayilo omwe amasamutsidwa kudzera pa protocol ya HTTP kumathandizidwa. Thandizo la kusanthula kothinikizidwa. Kutha kuzindikira ndi URI, Cookie, mitu, wogwiritsa ntchito, bungwe lopempha / yankho; - Kuthandizira kwamakomedwe osiyanasiyana oletsa magalimoto, kuphatikiza NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, PF_RING. Ndizotheka kusanthula mafayilo osungidwa kale mumtundu wa PCAP;
- Kuchita kwakukulu, kuthekera kosinthira mitsinje mpaka 10 gigabits / sekondi pazida wamba.
- Injini yofananira ndi chigoba chachikulu yokhala ndi ma adilesi akulu a IP. Kuthandizira kusankha zomwe zili ndi chigoba komanso mawu okhazikika. Kupatukana kwamafayilo kumayendedwe, kuphatikiza kuwazindikiritsa ndi dzina, mtundu kapena MD5 checksum.
- Kutha kugwiritsa ntchito zosinthika m'malamulo: mutha kusunga zambiri kuchokera pamtsinje ndipo kenako muzigwiritsa ntchito m'malamulo ena;
- Kugwiritsa ntchito mtundu wa YAML mumafayilo osinthira, omwe amakulolani kuti muzitha kuwoneka mosavuta pamakina;
- Thandizo lonse la IPv6;
- Injini yopangidwira kuti iwonongeke komanso kukonzanso mapaketi, omwe amalola kuonetsetsa kuti mitsinje ikonzedwa moyenera, mosasamala kanthu za dongosolo lomwe mapaketi amafika;
- Thandizo la ma protocol: Teredo, IP-IP, IP6-IP4, IP4-IP6, GRE;
- Thandizo lolemba paketi: IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE, Ethernet, PPP, PPPoE, Raw, SLL, VLAN;
- Njira yolowera mitengo yamakiyi ndi ziphaso zomwe zimawoneka mkati mwa kulumikizana kwa TLS/SSL;
- Kutha kulemba zolemba za Lua kuti apereke kusanthula kwapamwamba ndikugwiritsa ntchito zina zowonjezera zofunika kuzindikira mitundu yamagalimoto omwe malamulo okhazikika sali okwanira.
Source: opennet.ru