Suricata

The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.

OISF's primary goal is to remain on the leading edge of open source IDS/IPS development, community needs and objectives. This is only attainable if you, the community, get involved. We welcome participation large and small, and have built working groups and mailing lists to engage and educate all interested people and organizations.

Funding for the OISF comes from the US Department of Homeland Security (DHS) and a number of private companies that form the OISF Consortium. These companies gain a non-GPL limited license for the engine in return for their ongoing support. Over time, OISF will take on new projects and challenges. Future OISF project proposals are welcome and should be submitted in summary form using the 'Contact Us' link above.

Thank you for visiting OISF!


The OISF development team is proud to announce Suricata 1.0.2, the second maintenance release for Suricata 1.0, the Open Source Intrusion Detection and Prevention engine.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.0.2.tar.gz

New features

- Added an SSH application layer module, improving performance and accuracy
- Added two new SSH rule keywords: "ssh.protoversion" and "ssh.softwareversion"
- Added support for missing HTTP related PCRE modifiers /H, /M and /C (bug #220)

Improvements

- Fixed several TCP stream engine evasion issues found by Judy Novak from G2, Inc.
- Improved accuracy of the http_client_body keyword
- Improved dropping of packets in IPS mode when a signature matches in the reassembled stream or the application layer
- Improved error reporting if the engine runs out of memory in the initialization stage
- Fixed a reported segv in the HTTP method detection keyword (bug #231)
- Several smaller issues were fixed

Because of the TCP evasion issues that were fixed, upgrading is highly recommended.

Known issues & missing features

As always, we are doing our best to make you aware of continuing development and of items within the engine that are not yet complete or optimal. With this in mind, please note the list of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and timeline for the major issues.

The OISF development team is proud to announce Suricata 1.0.1, the first maintenance release for Suricata 1.0, the Open Source Intrusion Detection and Prevention engine.

Get the new release here: https://www.openinfosecfoundation.org/download/suricata-1.0.1.tar.gz

Improvements

- Major detection accuracy improvements.
- ip_proto keyword was fixed for malformed packets.
- Fix a TCP RST packet evasion issue (http://www.packetstan.com/2010/06/recently-ive-been-on-campaign-to-make.html)
- Stream reassembly improvements.
- See https://redmine.openinfosecfoundation.org/versions/show/10 for all closed tickets.

Known issues & missing features

As always, we are doing our best to make you aware of continuing development and of items within the engine that are not yet complete or optimal. With this in mind, please note the list of known items we are working on.

See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and timeline for the major issues.

The Phase Two kickoff meeting for Suricata and the OISF was held in San Francisco last Friday. We had some great discussions; these meetings have proven to be invaluable. Thanks to all who attended; many great ideas were exchanged and discussed. The goals of this meeting were to review where we are in Phase One development, lay out the major Phase Two features, and bring in new ideas and challenges. These were accomplished quite well!

Below is a discussion of where we believe we should go with Suricata for Phase Two. This is only the beginning of the conversation; we know that not everyone interested can be at one meeting. So please consider this a starting point, and we'll continue the discussion on the mailing lists.


Status

Overall, the engine is in a great state. We are much further into development than we had expected at this point; we've solved many technical issues we expected to be pushed to Phase Two. I have to say I'm honored to be just near a team of developers with such talent and dedication. Our contributors and consortium members have brought everything we didn't have available to put this incredibly complex engine together. My thanks to everyone who's contributed, but we have a long road ahead of us.

We had originally intended to end Phase One with the 1.0 release and move directly into Phase Two development. Phase One was the more traditional features and the base functionality for the engine, then Phase Two would be the most experimental features. We have decided to push Phase Two development off a few months to put more time into stabilizing and performance tuning the base engine. We need the time for performance tuning, but also our funding for 2010 is due in September, and the foundation is low on resources. So we're limiting development to 1.0.1 bugfixes and performance tuning for the next month or so. We'd also like to see how this release performs and works for the community, so get your feedback in. Phase Two features are very experimental, and will take significant amounts of time to perfect, so we're gathering our resources to attack this on all fronts.


So for this interim period, here are our goals:

- Complete Architecture Documentation
- Significant Performance Optimization
- More Easily Configurable Run Mode Support (Endace has offered to complete this)
- Error Code Cleanup and Documentation
- Full Documentation (community editable docs)
- Advanced Profiling and Engine Statistics Module
- Accuracy Improvements
- Added Protocol Detections
- Classifications Update (support a more elegant definition system)
- Full 2.8.6 Syntax Compatibility
- Better LibHTP Error Handling
- Heavy Inline Testing


The features to be pursued in Phase Two are:

High Priority:

- Max Inspection Time Cutoff Setting (while inline, set a packet loose to avoid latency but still process it)
- File Capture and Extraction in Stream
- REGEX Optimization/Acceleration (possibly using alternate regex libraries)
- Live Ruleset Updates
- Flow Logging (Netflow output)
- Add Replace keyword support
- Host attribute scrubbing (strip OS identifying oddities)
- URI Matching lookups (stopbadware, websense, etc)
- Full CUDA Support

Phase Two Low Priority:

- IP Reputation - Explore other items, dns, etc
- Distributed Blocking
- Global Flowbits and flowvars
- Full Stream Capture (rotating pcap support)
- Traffic Redirection (bait and switch style)


We have a huge list above, and we need your help. Ideas, code contributions, help in documentation, help in translating documentation, and financial and hardware support are needed. We welcome input from any source!

Please join the OISF mailing lists ( http://lists.openinfosecfoundation.org/mailman/listinfo ) for more info, discussion, and to follow developments. If you'd like more information about consortium membership or ways you can help out, please email [e-mail address omitted], or myself directly at [e-mail address omitted].


nPulse to host software QA Testing Lab for Suricata Project

LAFAYETTE, INDIANA, USA, July 27th, 2010: The Open Information Security Foundation (OISF) today announced that nPulse Technologies, LLC has joined the consortium as its first Gold Level member.

"The OISF is excited about the support nPulse and Napatech will provide. As leaders in the acceleration market they have invaluable advice and engineering expertise to lend our development team. nPulse's work to enable the Suricata engine to natively take advantage of Napatech's technology will open up new market opportunities for Suricata."

"We are excited to join OISF and to have the opportunity to contribute to the Suricata project," said Randy Caldejon, President of nPulse Technologies. "The Suricata project exemplifies the open-source spirit at its best; that is, organizations putting aside their competitive differences for the common good of building a state-of-the-art intrusion detection and prevention engine. We look forward to adding our expertise to the development effort."

nPulse will maintain a QA Test lab for Suricata developers at its Charlottesville, VA, facility. Developers will be able to access the nPulse systems remotely, load their code revisions, and test Suricata under heavy traffic loads generated by a 10Gbps HammerHead Capture and Replay System, a product of nPulse Technologies.


About the Open Information Security Foundation (OISF)
The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine.  The OISF has formed a multi-national group of the leading software developers in the security industry.  In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires. For more information, visit http://www.openinfosecfoundation.org/.


About nPulse Technologies, LLC

nPulse Technologies, LLC develops advanced Gigabit and 10Gbps network sensors for applications in monitoring, traffic recording, forensics and security. It combines leading open-source applications with the latest in standards-based server hardware and advanced packet capture technology to deliver powerful, affordable solutions.

nPulse Technologies, a privately held, Veteran-owned company with a strong history of service in both commercial and Federal government communities, is headquartered in Charlottesville, Virginia, USA. For more information, visit www.npulsetech.com.


# # #

Media Contacts:

Matt Jonkman, [e-mail address omitted], +1 (765) 429-0398
Peter Shaw, [e-mail address omitted], +1 (703) 673-0044 x704

This is the official last call for a slot at our second brainstorming session for the OISF! This Friday!

Get your ideas into the mix, help lay out our feature plans, meet the dev team, see where things are going, and get a free lunch!

Please email [e-mail address omitted] today for a seat. If you're not sure you'll make it but are planning to, please let us know as well. We'll make sure there's food for all!

Friday, July 16, 2010. 10am till about 4pm as needed. Holiday Inn Golden Gate in lovely downtown San Francisco.

http://www.holidayinn.com/hotels/us/en/san-francisco/sfogg/hoteldetail

We have a group rate on rooms; today is the last day to reserve at the discounted rate.

See you there!
