Bayan shekaru bakwai na ci gaba, Cisco ya saki sakin barga na farko na tsarin rigakafin kai hari Snort 3 wanda aka sake sake shi kwata-kwata, ban da sauƙaƙe sanyi da ƙaddamar da Snort, kazalika da yiwuwar yin aiki da kai tsaye, sauƙaƙe harshen zartarwa, bincika duk ladabi ta atomatik, samar da a harsashi don sarrafa layin umarni, Maballin zaren aiki mai yawa tare da samun dama na masu sarrafawa daban-daban zuwa tsari guda daya da ƙari.
Ga wadanda basu da labarin Snort, ya kamata ku san hakan iya nazarin zirga-zirga a cikin ainihin lokacin, ba da amsa ga ayyukan ɓarnatar da aka gano kuma adana bayanan kunshin bayanan don binciken abin da ya faru daga baya.
Reshen Snort 3, wanda aka fi sani da aikin Snort ++, ya sake maimaita tunanin da tsarin samfurin su.
Aiki kan Snort 3 ya fara ne a 2005 amma ba da daɗewa ba aka watsar da shi sai kawai aka ci gaba a cikin 2013 bayan Cisco ta karɓi aikin.
Snort 3 manyan labarai
A cikin sabon sigar na An canza Snort 3 zuwa sabon tsarin saiti, wanda ke ba da sauƙaƙaƙƙun tsari kuma yana ba da damar yin amfani da rubutun don ƙirƙirar daidaitawa da ƙarfi. Ana amfani da LuaJIT don aiwatar da fayilolin sanyi, kuma toshe-tushen LuaJIT suna da ƙarin zaɓuɓɓuka don dokoki da tsarin rajista.
Wani canjin da yayi fice shine an sabunta injin don gano hare-hare, an sabunta ka'idoji, an kara ikon ɗaure buffers a cikin ƙa'idodi (maƙallan bujiyoyi) da injin bincike na Hyperscan kuma an yi amfani da su, wanda ya ba da damar yin amfani da samfuran da aka haifar da sauri kuma mafi daidaituwa bisa maganganun yau da kullun a cikin dokokin;
Hakanan, a cikin Snort 3 kara sabon yanayin dubawa na HTTP wanda yake zaman yanayi ne kuma yana ɗaukar kashi 99% na yanayin da aka samu tallafi daga ɗakin gwajin HTTP Evader, tare da ƙarin tsarin dubawa na zirga-zirgar HTTP / 2.
Ayyukan ingantaccen yanayin duba fakiti an inganta sosai. An kara karfin sarrafa fakiti mai yawan gaske, yana bayar da damar aiwatar da zaren dayawa tare da masu kula da fakiti da kuma samar da sikeli na layi daya gwargwadon lambar CPU.
An aiwatar da adana gama gari na teburin daidaitawa da sifofi, waɗanda aka raba su a cikin ƙananan tsarin, wanda ya rage mahimmancin amfani da ƙwaƙwalwar ajiya ta hanyar kawar da kwafin bayanai.
A daya bangaren kuma, an haskaka miƙa mulki zuwa tsarin gine-gine na zamani, ikon fadada aiki ta hanyar hada kayan toshewa da aiwatar da mahimmin tsari a tsarin maye gurbin abubuwa.
A halin yanzu akwai fiye da plugins 200 don Snort 3, suna rufe abubuwa iri-iri, kamar ƙyale ku ƙara kododinku na kanku, hanyoyin shiga ciki, hanyoyin rajista, ayyuka, da zaɓuɓɓuka a cikin dokokin.
Daga sauran canje-canjen da suka fice daga sabon sigar:
- Ara tallafi na fayil don saurin goge saituna dangane da saitunan tsoho.
- Amfani da snort_config.lua da SNORT_LUA_PATH an tsaida shi don sauƙaƙe sanyi.
- Ara tallafi don sake loda saituna a kan tashi.
- Sabon tsarin shiga taron da ke amfani da tsarin JSON kuma ana iya sauƙaƙe shi tare da dandamali na waje kamar Elastic Stack.
- Gano atomatik na ayyuka masu gudana, kawar da buƙata don tantance takamaiman tashar jiragen ruwa na cibiyar sadarwa masu aiki.
- Lambar tana ba da damar yin amfani da ginin C ++ wanda aka bayyana a cikin ƙa'idar C ++ 14 (taron yana buƙatar mai tarawa wanda ke tallafawa C ++ 14).
- An ƙara sabon mai sarrafa VXLAN.
- Inganta binciken nau'ikan abun ciki ta hanyar abun ciki ta amfani da sabunta madadin aiwatarwa na Boyer-Moore da Hyperscan algorithms.
- Saurin saki ta amfani da zaren da yawa don tattara ƙungiyoyin mulki;
- Ara sabon tsarin rajista.
- RNA (Real-time Network Network Awareness) an ƙara tsarin dubawa, wanda ke tattara bayanai game da albarkatu, masu masauki, aikace-aikace da sabis ɗin da ake samu akan hanyar sadarwar.
Finalmente idan kanaso ka kara sani game dashi game da sabon sigar, zaku iya bincika cikakkun bayanai a cikin mahaɗin mai zuwa.