Suricata 是一个网络入侵检测和阻止引擎,由开放信息安全基金会以及它所支持的提供商说开发。该引擎是多线程的,内置 IPv6 的支持,可加载预设规则,支持 Barnyard 和 Barnyard2 工具。
Suricata 1.4 发布首个 Beta 测试版本,主要改进包括:
AF_PACKET IPS mode support was added.
Custom HTTP logging was added.
TLS cert logging, storing, and fingerprint matching was added.
Support for decoding various tunnel protocols was added.
NFQ fail-open support was added.
A rule option for limiting inspection to IPv4 or IPv6 was added.
The filesize keyword was added.
Delayed detection engine initialization support was added.
Various performance improvements were made
主页:http://www.openinfosecfoundation.org/
下载:http://www.openinfosecfoundation.org/index.php/download-suricata
来自:开源中国社区
