The Open Information Security Foundation

Lafayette, Indiana, January 14, 2011

Mara Systems has announced that it will provide support to the Open Information Security Foundation as a Bronze Level Consortium Member. The OISF is a US-government backed initiative currently developing a next generation Intrusion Detection Engine.

About Mara Systems
MARA Systems offers innovative solutions to the network security and caching market in the form of network appliances that lessen today's threats by implementing novel ideas and a carefully selected set of features for optimal performance and security. Their compact products are well known for their robustness and flexibility, so it is not surprising that many of their customers compare them to a Swiss army knife for high network performance and security. MARA Systems' solutions are designed for small to medium-sized enterprises and large organizations whose business cannot afford interruption and the flaws of many mainstream network security and caching products.

About the Open Information Security Foundation
The Open Information Security Foundation (OISF) is a non-profit foundation organized to build Suricata, a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires. OISF’s primary goal is to remain on the leading edge of open source IDS/IPS development, community needs and objectives.


 

 


Please join us February 7th for the fifth Suricata Brainstorming Session at the IT-Defense 2012 Conference in Munich, Germany!  

As you know, Brainstorming Sessions are held to review and adjust the Development Roadmap, and bring in any and all new ideas and contributors. At this session we will outline the current complete features and development status, proposed features from public and private sources, and seek input on these items. We need your help!

The session will be held the day before IT-Defense 2012, and is free to attend. Most of the OISF Development Team will be at this session, so it's a great time to meet them and ask those questions or propose the ideas on your mind!

OISF will also be facilitating a workshop session during the conference, and OISF President Matt Jonkman will speak about Suricata on the second day of IT-Defense 2012.

 

IT-Defense 2012, Munich

it-defense.de 

February 7th, 2012

Leonardo Royal Hotel, Munich

www.leonardo-hotels.com

 

Any new idea, any new feature, any new relationship is welcome. This is an open discussion session. Let us know what you’d like your IDS/IPS engine to do! 

A full agenda will be released prior to the meeting. Food and beverages will be provided; please help us plan for how much we need by sending an RSVP. If you would like to attend remotely via video/audio, please also RSVP to allow capacity planning.

We hope to see you there!!!

 

 

 

We will meet in the Moscone Center on Wednesday, February 16, 2011, during the RSA Convention. We will start at noon and a light lunch will be served, so please RSVP early and we can plan for you. If you are not planning to attend RSA you can still come to our meeting free of charge. Let us know and we will get you a code to register for a free expo only pass (normally $100).

We'll have an official agenda out shortly. The overall goals of the meeting will be:

  • Update on the status of the Project and Funding
  • New board member election and update
  • Discussion of Existing Bugs/Feature Requests
  • Review of our Tentative Phase Two Development Roadmap
  • Open floor for New Ideas and Features
  • Finalization of Phase Two Development Roadmap


Much of the coding team will be there, so come and discuss your ideas and gripes. We need to know what you want in your IDS!

If you're interested in consortium membership this is a perfect time to stop in and talk in person about what it might entail and what benefits you would enjoy. The team will be in town a day or so before and after the meeting, plenty of time to talk!

So please RSVP by email if you believe you can make it to the meeting. Come meet the team, get a free lunch, and make sure your next IDS does what YOU need it to do!

The OISF development team is pleased to announce Suricata 1.2.1. This release follows 1.2 by just a day to bring an important bug fix.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.2.1.tar.gz

Fixes

- fix malformed unified2 records when writing alerts triggered by stream inspection (#402)
- only force a pseudo packet inspection cycle for TCP streams in a state >= established

Credits

Special thanks go to Eric Ooi and Doug Burks for reporting these issues and testing the fix.

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

The OISF development team is proud to announce Suricata 1.2beta1. This is the first beta release for the upcoming 1.2 version. It brings major new features.

This release is the result of very rapid development over the last month, as can be seen in the change stats:
234 files changed, 24250 insertions(+), 6813 deletions(-)

As a result of these significant changes the release is expected to be of beta quality.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.2beta1.tar.gz

Compilation of this code requires the magic library and its development files. The library is usually already installed; the development files usually are not. On Debian/Ubuntu install libmagic-dev; on Fedora install file-devel.

New features

- File name, type inspection and extraction for HTTP
 - filename, fileext, filemagic and filestore keywords added
 - "file" output for storing extracted files to disk
- file_data keyword support, inspecting normalized, dechunked, decompressed HTTP response body (feature #241)
 - new keyword http_server_body, pcre regex /S option
- Option to enable/disable core dumping from the suricata.yaml (enabled by default)
- Human readable size limit settings in suricata.yaml (bug #333)
- PF_RING bpf support (requires PF_RING >= 5.1) (feature #334)
- tos keyword support (feature #364)
- IPFW IPS mode now supports multiple divert sockets
- New IPS running modes: Linux and FreeBSD now support "worker" and "autofp"

Improvements

- improved alert accuracy in autofp and single runmodes
- major performance optimizations for the ac-gfbs pattern matcher implementation
- unified2 output fixes
- PF_RING supports privilege dropping now (bug #367)
- Improved detection of duplicate signatures
- Improved performance in virtual machines (bug #382)

Known issues & missing features

In a beta release like this, things may not be as polished yet, so please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.