The OISF (Open Information Security Foundation) has announced the release of Suricata 5.0, a network intrusion detection and prevention system that provides tools for inspecting various kinds of traffic. Suricata configurations can use the signature base developed by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rule sets. The project's source code is distributed under the GPLv2 license.
Main changes:
New parsing and logging modules for the RDP, SNMP and SIP protocols, written in Rust, have been introduced. Logging through the EVE subsystem, which outputs events in JSON format, has been added to the FTP parsing module;
In addition to the previously available JA3 TLS client fingerprinting method, support has been added for the JA3S method, which, based on the details of the connection negotiation and the parameters advertised, makes it possible to determine which software is being used to establish the connection (for example, it allows the use of Tor and other common applications to be detected). JA3 fingerprints clients, JA3S fingerprints servers. The fingerprinting results can be used in the rule language and in the logs;
The ability to match against entries from large data sets has been added, implemented with the new dataset and datarep operations. For example, this feature is suitable for looking up patterns in blacklists containing millions of entries;
The HTTP inspection fully covers the techniques described in the HTTP Evader test suite (i.e. the methods used to hide malicious activity in traffic);
The tooling for building Rust modules has moved from optional to required. Going forward, the plan is to expand the use of Rust in the project's code base and gradually replace modules with analogues written in Rust;
The protocol detection engine has been reworked for greater accuracy and for handling asynchronous traffic;
Support has been added to the EVE log for a new record type, "anomaly", which stores atypical events detected while decoding packets. EVE has also expanded the information shown about VLANs and traffic capture interfaces. An option has been added to save all HTTP headers in EVE http log records;
eBPF-based handlers provide support for hardware mechanisms that speed up packet capture. Hardware acceleration is currently limited to Netronome network adapters, but will soon become available for other equipment;
Support for the Tilera architecture, the dns.log text log and the legacy files-json.log log has been removed.
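As an added illustration of the JA3/JA3S item above (example code written for this page, not part of Suricata or its release), the JA3 client fingerprint is built from five ClientHello fields, with GREASE values dropped, and then MD5-hashed; JA3S applies the same idea to the ServerHello. The ClientHello bytes below are constructed for the example, not captured traffic.

```python
import hashlib
import struct

def is_grease(v: int) -> bool:
    """GREASE values (0x0a0a, 0x1a1a, ..., RFC 8701) are randomised by clients and excluded from JA3."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def parse_client_hello(hs: bytes) -> dict:
    """Extract the five JA3 inputs from a ClientHello handshake message (TLS record header stripped)."""
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    pos = 4                                   # skip handshake type (1) and length (3)
    version = struct.unpack_from("!H", hs, pos)[0]; pos += 2
    pos += 33 + hs[pos + 32]                  # client random (32) + session id (1 + len)
    cs_len = struct.unpack_from("!H", hs, pos)[0]; pos += 2
    ciphers = [struct.unpack_from("!H", hs, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len + 1 + hs[pos + cs_len]      # cipher list, then compression methods (1 + len)
    ext_types, groups, formats = [], [], []
    if pos < len(hs):                         # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", hs, pos)[0]; pos += 2
        while pos < end:
            etype, elen = struct.unpack_from("!HH", hs, pos); pos += 4
            data = hs[pos:pos + elen]; pos += elen
            ext_types.append(etype)
            if etype == 10:                   # supported_groups: u16 length, u16 list
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
            elif etype == 11:                 # ec_point_formats: u8 length, u8 list
                formats = list(data[1:1 + data[0]])
    return dict(version=version, ciphers=ciphers, extensions=ext_types, groups=groups, formats=formats)

def ja3_string(f: dict) -> str:
    """Join the fields in JA3 order, dropping GREASE entries (JA3S does the same with the ServerHello)."""
    clean = lambda xs: "-".join(str(x) for x in xs if not is_grease(x))
    return ",".join([str(f["version"]), clean(f["ciphers"]), clean(f["extensions"]),
                     clean(f["groups"]), "-".join(str(x) for x in f["formats"])])

def ja3_hash(hs: bytes) -> str:
    """The value logged and exposed to rules is the MD5 of the JA3 string."""
    return hashlib.md5(ja3_string(parse_client_hello(hs)).encode()).hexdigest()

SAMPLE_CLIENT_HELLO = bytes.fromhex(               # constructed sample, not captured traffic
    "01 00005b 0303" + "00" * 32 + "00"              # ClientHello len 91, version 771, random, empty session id
    "0008 0a0a 1301 1302 c02b 0100"                  # cipher suites (0x0a0a is GREASE), null compression
    "002a"                                           # extensions length 42
    "0000 0010 000e 00 000b 6578616d706c652e636f6d"  # server_name: example.com
    "000a 0008 0006 2a2a 001d 0017"                  # supported_groups (0x2a2a is GREASE)
    "000b 0002 01 00"                                # ec_point_formats: uncompressed
    "3a3a 0000"                                      # GREASE extension, empty
)
```

Running `ja3_string(parse_client_hello(SAMPLE_CLIENT_HELLO))` yields `771,4865-4866-49195,0-10-11,29-23,0`; the GREASE cipher, group and extension are filtered out, which is why two clients randomising GREASE still share one fingerprint.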
Features of Suricata:
Use of the Unified2 format for outputting detection results, which is also used by the Snort project, allowing analysis tools such as Barnyard2 to be used. Integration with BASE, Snorby, Sguil and SQueRT is possible. Support for output in PCAP format;
Support for automatic protocol detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), which allows rules to refer only to the protocol type, without specifying a port number (e.g. blocking HTTP traffic on a non-standard port). Decoders for the HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP and SSH protocols;
A powerful HTTP traffic analysis system that uses the dedicated HTP library, created by the author of the Mod_Security project, to parse and normalize HTTP traffic. A module is available for keeping a detailed log of HTTP transfers; the log is saved in the standard Apache format. Extraction and verification of files transferred over HTTP is supported. Parsing of compressed content is supported. Identification by URI, Cookie, headers, User-Agent, and request/response body;
Support for various traffic interception interfaces, including NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, PF_RING. It is possible to analyze files previously saved in PCAP format;