After a year of development, the OISF (Open Information Security Foundation) organization.
Key changes:
- Initial support for HTTP/2.
- Support for the RFB and MQTT protocols, including the ability to identify the protocol and log it.
- Ability to log the DCERPC protocol.
- A significant performance improvement in the EVE logging subsystem, which outputs events in JSON format. The speedup comes from a new JSON builder written in Rust.
- Scalability of the EVE logging system has been increased, and each thread can now write its own separate log file.
- Ability to define the conditions for flushing information to the log.
- Ability to include MAC addresses in the EVE log and to extend the detail of the DNS log.
- Improved performance of the flow engine.
- Support for identifying SSH usage (HASSH).
- Implementation of the GENEVE tunnel decoder.
- The parsing code for ASN.1, DCERPC and SSH has been rewritten in Rust. New protocols are also implemented in Rust.
- In the rule description language, support for the from_end parameter was added to the byte_jump keyword, and support for the bitmask parameter was added to byte_test. The pcrexform keyword was implemented, allowing regular expressions (pcre) to be used to capture a substring. The urldecode transformation was added. The byte_math keyword was added.
- Provides the ability to use cbindgen to generate bindings between Rust and C.
- Initial plugin support added.
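As an added example (not from the article and not Suricata's own code), here is a small Python model of what the new rule keywords compute, evaluated against a constructed record: byte_test with a bitmask, byte_jump with from_end, byte_math, the urldecode transformation and pcrexform. The record layout, the helper names and the simplified semantics are assumptions for illustration: after masking, the value is taken to be shifted right by the mask's trailing zero bits, and from_end is taken to measure the jump from the end of the payload and then add post_offset; check the Suricata rule documentation for the exact behaviour of your version.

```python
"""Model of the Suricata rule keywords byte_test (bitmask), byte_jump (from_end),
byte_math, the urldecode transformation and pcrexform, evaluated against a
constructed record. Added illustration, not Suricata's own code."""
import operator
import re
from typing import Optional
from urllib.parse import unquote_to_bytes


def read_uint(payload: bytes, offset: int, nbytes: int) -> Optional[int]:
    """Read nbytes at offset as a big-endian unsigned integer; None if out of bounds."""
    if offset < 0 or nbytes <= 0 or offset + nbytes > len(payload):
        return None
    return int.from_bytes(payload[offset:offset + nbytes], "big")


_TEST_OPS = {
    "=": operator.eq, "<": operator.lt, ">": operator.gt,
    "<=": operator.le, ">=": operator.ge,
    "&": lambda a, b: (a & b) != 0, "^": lambda a, b: (a ^ b) != 0,
}


def byte_test(payload: bytes, nbytes: int, op: str, value: int, offset: int,
              bitmask: Optional[int] = None) -> bool:
    """byte_test: extract a number, optionally AND it with bitmask, compare it.
    Assumed semantics: after masking, the value is shifted right by the number
    of trailing zero bits in the mask, so a mask of 0xF0 yields the high nibble."""
    num = read_uint(payload, offset, nbytes)
    if num is None:
        return False
    if bitmask is not None:
        num &= bitmask
        shift = (bitmask & -bitmask).bit_length() - 1 if bitmask else 0
        num >>= shift
    return _TEST_OPS[op](num, value)


def byte_jump(payload: bytes, nbytes: int, offset: int, from_end: bool = False,
              multiplier: int = 1, post_offset: int = 0) -> Optional[int]:
    """byte_jump: extract a number and move the inspection cursor by it.
    Assumed semantics: without from_end the jump starts right after the bytes
    read; with from_end it starts at the end of the payload, so a negative
    post_offset is what steps back into the tail of the buffer."""
    num = read_uint(payload, offset, nbytes)
    if num is None:
        return None
    base = len(payload) if from_end else offset + nbytes
    cursor = base + num * multiplier + post_offset
    return cursor if 0 <= cursor <= len(payload) else None


_MATH_OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul,
             "/": operator.floordiv, "<<": operator.lshift, ">>": operator.rshift}


def byte_math(payload: bytes, nbytes: int, offset: int, oper: str, rvalue: int) -> Optional[int]:
    """byte_math: extract a number, apply an arithmetic operator with rvalue,
    and return the result (a rule would store it in a named variable)."""
    num = read_uint(payload, offset, nbytes)
    return None if num is None else _MATH_OPS[oper](num, rvalue)


def pcrexform(buf: bytes, pattern: bytes) -> Optional[bytes]:
    """pcrexform: replace the buffer with the first capture group of a regex."""
    m = re.search(pattern, buf)
    return m.group(1) if m else None


# Constructed record layout (an assumption for this example):
#   [0] flags: high nibble = version      [1] trailer length
#   [2] body length                       [3:3+body] URL-encoded body
#   [..] trailer (2 bytes)
HEADER_LEN = 3
SAMPLE_RECORD = bytes([0x2A, 0x02, 0x05]) + b"a%3Db" + b"\x00\x01"


def inspect_record(payload: bytes = SAMPLE_RECORD) -> dict:
    """Walk the record the way a rule chaining these keywords would."""
    version_ok = byte_test(payload, 1, "=", 2, 0, bitmask=0xF0)
    # Two ways to reach the trailer: forward from the body-length field, or
    # from the end of the payload (trailer length 2 plus post_offset -4 = end - 2).
    trailer_fwd = byte_jump(payload, 1, 2)
    trailer_from_end = byte_jump(payload, 1, 1, from_end=True, post_offset=-4)
    # byte_math: header length + body length should equal the trailer offset.
    expected = byte_math(payload, 1, 2, "+", HEADER_LEN)
    body = payload[HEADER_LEN:trailer_fwd] if trailer_fwd is not None else b""
    decoded = unquote_to_bytes(body)           # the urldecode transformation
    key = pcrexform(decoded, rb"^(\w+)=")      # capture the name before '='
    return {
        "version_ok": version_ok,
        "trailer_offset": trailer_fwd,
        "trailer_offset_from_end": trailer_from_end,
        "trailer_offset_math": expected,
        "trailer": payload[trailer_fwd:] if trailer_fwd is not None else b"",
        "body_decoded": decoded,
        "key": key,
    }


if __name__ == "__main__":
    for name, value in inspect_record().items():
        print(f"{name}: {value!r}")
```

The point of the walk-through is that the three cursor computations agree (offset 8) only when the length fields are consistent with each other; a rule built from these keywords turns that consistency check into a match condition without hard-coding any offset.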
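As an added example (not from the article and not Suricata's own code), the following Python reader consumes the EVE JSON output described above, one JSON object per line. It uses the MAC address fields that the EVE output adds (`ether.src_mac`, `ether.dest_mac`, as I understand the format) and the DNS answer records to join alerts back to the host MAC and to the name that resolved to the destination IP. The sample lines, addresses, names and signature id are constructed, and the last line is deliberately truncated to show how a cut-off record from a rotated file is skipped.

```python
"""Consume Suricata EVE JSON output: one JSON object per line, one event_type
per object. Added example, not part of the article or of Suricata itself."""
import json
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed EVE lines in the field layout Suricata's EVE output uses
# (ether.src_mac/dest_mac, dns.answers[].rdata, alert.signature_id); every
# address, name and id below is made up for this example.
SAMPLE_EVE = """\
{"timestamp":"2020-10-09T10:00:01.000000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"dns":{"type":"query","rrname":"example.test","rrtype":"A"}}
{"timestamp":"2020-10-09T10:00:01.500000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.53","dest_ip":"10.0.0.5","dns":{"type":"answer","rrname":"example.test","rcode":"NOERROR","answers":[{"rrname":"example.test","rrtype":"A","ttl":60,"rdata":"192.0.2.10"}]}}
{"timestamp":"2020-10-09T10:00:02.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","ether":{"src_mac":"00:11:22:33:44:55","dest_mac":"66:77:88:99:aa:bb"},"alert":{"signature_id":1000001,"signature":"CONSTRUCTED example alert","severity":2}}
{"timestamp":"2020-10-09T10:00:03.000000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","dest_ip":"192.0.2.10","ether":{"src_mac":"00:11:22:33:44:56","dest_mac":"66:77:88:99:aa:bb"},"alert":{"signature_id":1000001,"signature":"CONSTRUCTED example alert","severity":2}}
{"timestamp":"2020-10-09T10:00:04.000000+00
"""


def parse_eve(text: str) -> List[dict]:
    """Parse EVE lines, skipping blank lines and anything that is not a JSON
    object with an event_type (a truncated line at the end of a rotated file)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "event_type" in obj:
            events.append(obj)
    return events


def alerts_by_src_mac(events: List[dict]) -> Dict[str, int]:
    """Count alerts per source MAC; the MAC survives DHCP re-leases where the IP does not."""
    counts: Counter = Counter()
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        counts[ev.get("ether", {}).get("src_mac", "unknown")] += 1
    return dict(counts)


def dns_resolutions(events: List[dict]) -> Dict[str, List[str]]:
    """Map queried names to the A/AAAA rdata seen in DNS answer events."""
    seen = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns", {})
        if dns.get("type") != "answer":
            continue
        for ans in dns.get("answers", []):
            if ans.get("rrtype") in ("A", "AAAA") and "rdata" in ans:
                seen[ans.get("rrname", dns.get("rrname"))].add(ans["rdata"])
    return {name: sorted(ips) for name, ips in seen.items()}


def alerts_on_resolved_ips(events: List[dict]) -> List[Tuple[int, str, List[str]]]:
    """Join alert events to DNS answers by destination IP so the analyst sees
    the name behind the address: (signature_id, dest_ip, [names])."""
    ip_to_names = defaultdict(set)
    for name, ips in dns_resolutions(events).items():
        for ip in ips:
            ip_to_names[ip].add(name)
    joined = []
    for ev in events:
        if ev.get("event_type") == "alert" and ev.get("dest_ip") in ip_to_names:
            joined.append((ev["alert"]["signature_id"], ev["dest_ip"],
                           sorted(ip_to_names[ev["dest_ip"]])))
    return joined


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    print("events parsed:", len(evs))
    print("alerts by source MAC:", alerts_by_src_mac(evs))
    print("DNS resolutions:", dns_resolutions(evs))
    print("alerts on resolved IPs:", alerts_on_resolved_ips(evs))
```

With per-thread log files enabled, feed the concatenation of all the thread files to `parse_eve`; events are then ordered by timestamp, not by file, so sort on `timestamp` before any windowed logic.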
Suricata features:
- Uses the Unified2 format, which is also used by the Snort project, for output of scan results, allowing standard analysis tools such as barnyard2 to be used. Possibility of integration with the BASE, Snorby, Sguil and Squert products. PCAP output support;
- Support for automatic protocol detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), which allows rules to operate on protocol type alone, without referencing a port number (for example, blocking HTTP traffic on a non-standard port). Decoders are available for the HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP and SSH protocols;
- A powerful HTTP traffic analysis system, which uses the dedicated HTP library created by the author of the Mod_Security project to parse and normalize HTTP traffic. A module is available for keeping a detailed log of HTTP transfers; the log is stored in the standard Apache format. Retrieving and checking files transmitted over HTTP is supported. Support for parsing compressed content. Ability to identify by URI, cookie, headers, user agent, request/response body;
- Support for various traffic interception interfaces, including NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, PF_RING. Files already saved in PCAP format can also be analyzed;
- High performance: processing throughput reaches 10 gigabits/second on standard hardware.
- A highly efficient mask matching mechanism for large sets of IP addresses. Support for selecting content by mask and regular expressions. Extraction of files from traffic, including identifying them by name, type or MD5 checksum.
- Ability to use variables in rules: information can be saved from a stream and later used in other rules;
- Use of the YAML format for configuration files, which keeps them readable while being easy to process by machine;
- Full IPv6 support;
- Built-in engine for automatic defragmentation and reassembly of packets, allowing proper processing of streams regardless of the order in which packets arrive;
- Support for tunneling protocols: Teredo, IP-IP, IP6-IP4, IP4-IP6, GRE;
- Support for packet decoding: IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE, Ethernet, PPP, PPPoE, Raw, SLL, VLAN;
- Mode for logging keys and certificates that appear within TLS/SSL connections;
- Ability to write scripts in Lua to provide advanced analysis and implement additional capabilities needed to identify types of traffic for which standard rules are insufficient.
Source: opennet.ru