The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.

OISF’s primary goal is to remain on the leading edge of open source IDS/IPS development, community needs and objectives.  This is only attainable if you, the community, get involved.  We welcome participation large and small and have built working groups and mailing lists to engage and educate all interested people and organizations.

Funding for the OISF comes from the US Department of Homeland Security (DHS) and a number of private companies that form the OISF Consortium. These companies gain a non-GPL limited license for the engine in return for their ongoing support. Over time, OISF will take on new projects and challenges. Future OISF project proposals are welcome and should be submitted in summary form using the ‘Contact Us’ link above.

Thank you for visiting OISF!

Get Involved

• Organizations
• Companies
• Individuals
• Developers

Click here to find out how you can get involved!

Join the Mailing List

Receive all of the latest Open Information Security Foundation updates directly.
Sign up here.

Download Suricata

Suricata is our next generation IDS/IPS engine.  Start using it today!

The OISF development team is proud to announce Suricata 1.0.5, the fifth maintenance release for Suricata 1.0, the Open Source Intrusion Detection and Prevention engine.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz

Fixes

- Fix stream reassembly bug #300. Thanks to Rmkml for the report.
- Several (potential) issues fixed after a source code scan with Coverity, generously contributed by RedHat.

Because of these fixes, upgrading is highly recommended.


Known issues & missing features

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up-to-date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and timeline for the major issues.

We have the next OISF Brainstorming session scheduled to happen at RAID 2011! More information on the conference here:

http://www.raid2011.org/

The Brainstorming session will likely be held the day before or after the conference; we will announce details once logistics are worked out. Our gratitude to SRI International for hosting the session!

There will be a great panel as well: Victor Julien of Suricata fame, Seth Hall from Bro, and Martin Roesch of Snort fame will discuss the Future of Open Source IDS. It'll be a great discussion!

September 20-21 at SRI in Menlo Park, California, just outside San Francisco. We hope to see you there!

The Open Information Security Foundation (OISF) will provide support to Ian Firns (aka "firnsy"), one of the official Barnyard2 maintainers at SecurixLive, to help get a few milestones completed within the Barnyard2 roadmap. Most significantly, a Snortsam Output Plugin will be completed to allow both Snort and Suricata users to more easily plug in to Snortsam for distributed blocking and response using Frank Knobbe's Snortsam project. This will make using Snortsam much easier, as it will no longer require patching Snort or Suricata on each upgrade.

Barnyard is a critical piece of Suricata as well as Snort, so this support is beneficial to the community as a whole!

From Firnsy and the Barnyard2 team:

---

G'day guys and gals,

If you haven't noticed already, the first beta release of what will become barnyard2-1.10 was tagged the other day on github. This was a significant milestone that was only enabled by the OISF team and their generous contributions. Thanks again!

I was going to push this first beta a week ago but have spent the past few days cleaning up the documentation, some old and pesky bugs and even added a small utility.

So what are the notable includes/updates from the 1.9 release:
  * A new output plugin for communication with SnortSam instances.
  * Upgraded unified2 handling to latest unified2 standard [1].
  * Improved handling of Sguil agent registration timeouts. Thanks to Victor Julien.

Some other worthy mentions from the previous stable release include:
  * Fixed signature loading issue that resulted in a rogue space being appended to messages.
  * Fixed compile issue with IPv6 enabled.
  * Fixed compile issue with TCL and PostgreSQL combinations.
  * Added support for new DLT_IPV4 and DLT_IPV6 link types introduced with Snort's new DAQ library.

The old project pages are still being reworked with the server change, so if you want to try it out you will need to become a little familiar with github (it'll be worth it).

So please go forth, download [2], compile, use and abuse. Be sure to send any feedback good or otherwise back to us.

- firnsy

[1] No output plugins currently utilise the extra data.
[2] http://www.github.com/firnsy/barnyard2
_____________________________________

The OISF development team is proud to announce Suricata 1.0.4, the fourth maintenance release for Suricata 1.0, the Open Source Intrusion Detection and Prevention engine.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.0.4.tar.gz

Fixes

- LibHTP updated to 0.2.6
- Large number of (potential) issues fixed after a source code scan with Coverity generously contributed by RedHat.
- Large number of (potential) issues fixed after source code scans with the Clang static analyzer.

Because of these fixes, upgrading is highly recommended.


Known issues & missing features

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up-to-date list and to report new issues.

See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and timeline for the major issues.