The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine.  The OISF has formed a multi-national group of the leading software developers in the security industry.  In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.

OISF’s primary goal is to remain on the leading edge of open source IDS/IPS development, community needs and objectives.  This is only attainable if you, the community, get involved.  We welcome participation large and small and have built working groups and mailing lists to engage and educate all interested people and organizations.

Funding for the OISF comes from the US Department of Homeland Security (DHS) and a number of private companies that form the OISF Consortium. These companies gain a non-GPL limited license for the engine in return for their ongoing support. Over time, OISF will take on new projects and challenges.  Future OISF project proposals are welcome and should be submitted in summary form using the ‘Contact Us’ link above.

Thank you for visiting OISF!

Get Involved

• Organizations
• Companies
• Individuals
• Developers

Click here to find out how you can get involved!

Join the Mailing List

Receive all of the latest Open Information Security Foundation updates directly.
Sign up here.

OISF Store

Wear your support on your sleeve! Check OISF's New Gear and support the project!

The Open Information Security Foundation

The OISF development team is proud to announce Suricata 1.0.0, the first stable release of Suricata, the Open Source Intrusion Detection and Prevention engine.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.0.0.tar.gz

New features

- Support for the tag keyword was added.
- Support for DCERPC over UDP was added.

Improvements

- CUDA was fixed and its performance was improved a lot.
- Fix short HTTP sessions sometimes not being parsed properly.
- Duplicate signatures are now detected, the signature with the highest revision is used.
- Uricontent inspection was improved.
- alert debuglog now also prints flow information, including flowbits.
- Pattern searching was improved in general, and especially for DCE traffic.

Known issues & missing features

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and time line for the major issues.

The next OISF Brainstorming Meeting is set for San Francisco, July 16, 2010. 10:00 am until 4:00pm, or later as needed. Seats are filling up fast. We've moved to a larger room to accommodate all. Please RSVP as soon as possible if you plan to be there. It's free to attend!

Coffee and juice will be served as well as a light lunch. Come meet most of the Suricata Development Team! Get your ideas and priorities heard!

Our previous meeting was in Washington DC late last year and we had a standing room only crowd. Great ideas, great solutions, and most of our Phase One Feature Plan was solidified there. Don't miss this second meeting, the ideas that float around the room are well worth your trip to town!

Please RSVP by email so we can plan for you. Free lunch and drinks, and a great view of San Francisco! We're on Lower Nob Hill on California Street near Fisherman's Wharf at the Golden Gateway Holiday Inn. Great place to relax and see the sights after the meeting.

http://www.holidayinn.com/hotels/us/en/san-francisco/sfogg/hoteldetail

We'll have an official agenda out shortly. The overall goals of the meeting will be:

- Review where we are in Phase One
- Outline our Feature Plans for Phase Two
- Review new Ideas and Technologies
- Update you on the Technical Challenges faced
- Solicit new Ideas!
- Solidify Phase Two Feature Planning

If you're interested in consortium membership this is a perfect time to stop in and talk in person about what it might entail and what benefits you would enjoy. The team will be in town a day or so before and after the meeting, plenty of time to talk!

So please, RSVP by email if you believe you can make it to the meeting. We have a great group rate at the hotel. We look forward to seeing you there!

The OISF development team is proud to introduce the second release candidate of Suricata, the Open Source Intrusion Detection and Prevention engine. We're working towards our first stable release, currently scheduled for July 1st 2010.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-0.9.1.tar.gz

New features

- support for the asn1 keyword added
- support for reading of ERF files added
- basic rule profiling functionality added
- ssl2/ssl3 app layer support added
- detection engine was made partly stateful

Improvements

- multiple regressions in the detection engine causing false negatives were fixed
- many accuracy and stability improvements were made
- icmp handling in the flow engine was improved

Known issues & missing features

We have made significant progress towards reaching our first full (non-beta) release of Suricata.  Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete.  With this in mind, please notice the list we have included of known items we are working on.

- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent time stamps in http log file due to handling & updating of the http state.
- DCE/RPC over udp is not currently supported.
- dce_stub_data does not respect relative modifiers.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- signatures using the uricontent keyword might generate multiple alerts for the same event

See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues.

The OISF development team is proud to announce Suricata 0.9.2 / RC3, the Open Source Intrusion Detection and Prevention engine. We're working towards our first stable release, currently scheduled for July 1st 2010.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-0.9.2.tar.gz

New features

- native support for Endace DAG card was added
- content inspecting keywords are now also inspected against the reassembled stream
- support for the http_uri content modifier was added
- content inspection for dce keywords was added
- support for the rate_filter keyword was added

Improvements

- uricontent scanning was improved
- asn1 keyword was improved
- memory leaks have been fixed
- entries spanning multiple lines in the threshold.config are now supported
- introduction of lockless ringbuffers for packet queues

Known issues & missing features

We have made significant progress towards reaching our first full (non-beta) release of Suricata.  Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete.  With this in mind, please notice the list we have included of known items we are working on.

- Inconsistent time stamps in http log file due to handling & updating of the http state.
- DCE/RPC over udp is not currently supported.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- Due to timing issues, matches in the reassembled stream sometimes seemingly appear too early in the stream

See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues.

The next OISF Brainstorming Meeting is set for San Francisco, July 16, 2010. 10:00 am until 4:00pm, or later as needed.

Coffee and juice will be served and a light lunch.

Our previous meeting was in Washington DC late last year and we had a standing room only crowd. Great ideas, great solutions, and most of our Phase One Feature Plan was solidified there. Don't miss this second meeting, the ideas that float around the room are well worth your trip to town!

Please RSVP by email so we can plan for you. Free lunch and drinks, and a great view of San Francisco! We're on Lower Nob Hill on California Street near Fisherman's Wharf at the Golden Gateway Holiday Inn. Great place to relax and see the sights after the meeting.

http://www.holidayinn.com/hotels/us/en/san-francisco/sfogg/hoteldetail

We'll have an official agenda out shortly. The overall goals of the meeting will be:

- Review where we are in Phase One
- Outline our Feature Plans for Phase Two
- Review new Ideas and Technologies
- Update you on the Technical Challenges faced
- Solicit new Ideas!
- Solidify Phase Two Feature Planning

Much of the coding team will be there, so come and discuss your ideas and gripes. We need to know what you want in your IDS!

If you're interested in consortium membership this is a perfect time to stop in and talk in person about what it might entail and what benefits you would enjoy. The team will be in town a day or so before and after the meeting, plenty of time to talk!

So please, RSVP by email if you believe you can make it to the meeting. We have a great group rate at the hotel. We look forward to seeing you there!

OISF Events

10-11-2010 - 10-14-2010
HITB SECCON
