Snort 3 Open-Source Intrusion Prevention System Released with Major New Features

Snort, the world’s leading open-source intrusion prevention system (IPS) and intrusion detection system (IDS) software, has been updated today to version 3.1 to kick off the long-anticipated 3.x series, a major release with numerous new features and improvements.

Snort 3 is the next generation of the open-source intrusion prevention system software designed to protect your network from all sorts of unwanted traffic, including spam, malicious software, and phishing attacks. It’s packed with years’ worth of new features and improvements to make Snort faster and more efficient.

Highlights include support for multiple packet processing threads, support for sticky buffers in rules, the ability to automatically detect services for portless configurations, support for a shared configuration and attribute table, support for pluggable components, as well as a simpler, scriptable configuration.

Snort 3 also provides better cross-platform support by allowing users to run it in multiple environments and on multiple operating systems. This new major release also adds numerous enhancements to the HTTP/2 inspection and network discovery capabilities of the software, along with expanded bindings and reload improvements.

“When we started thinking about what the next generation of IPS looked like, we decided to start from scratch. This latest version of Snort is the result of more than seven years of development and hard work from our team,” reads the release announcement.

Furthermore, Snort 3 introduces support for multiple packet processing threads to free up more memory when processing, a new rule parser and syntax, as well as Hyperscan support for faster patterns, content literals and compatible PCRE during signature evaluation.

A new performance monitor is present as well in this new major series, along with new time and space profiling capabilities, access to more than 200 plugins, revamped TCP handling, improved shared object rules with support for adding rules for zero-day vulnerabilities, and support for rule remarks and comments inside rules.

Among other noteworthy changes, Snort 3 introduces the ability to autogenerate reference documentation, the ability to pause and resume commands, the ability to process a raw payload, as well as the ability to leverage multiple cores through a much simpler and more efficient way to scale.

You can download Snort 3.1 right now from the official website. All users running Snort 2 on their systems are urged to upgrade to the 3.x series as soon as possible. To learn how to install and get started with Snort, watch the series of videos below.

Image credits: Snort/Cisco

Last updated 3 years ago
