Release Notes:
2010-04-22 - Snort 2.8.6
[*] New Additions
* HTTP Inspect now splits requests into 5 components -
Method, URI, Header (non-cookie), Cookies, Body.
Content and PCRE rule options can now search one or more of these buffers.
HTTP server-specific configurations to normalize the HTTP header and/or
cookies have been added.
Support gzip decompression across multiple packets.
* Added a Sensitive Data preprocessor, which performs detection of
Personally Identifiable Information (PII). A new rule option is available
to define new PII. See README.sensitive_data and the Snort Manual
for configuration details.
* Added a new pattern matcher and related configurations. The new pattern
matcher is optimized to use less memory and perform at AC speed.
[*] Improvements
* Addressed problem to resolve output obfuscation affecting packets
when Snort is inline.
* Preprocessors with memcap settings can now be configured in a "disabled"
state. This allows you to configure that memcap globally, but only enable
the preprocessor in targeted configurations.
No comments:
Post a Comment