Snort mailing list archives

Dalton 3.0.0 released


From: David Wharton <snort-sigs () davidwharton us>
Date: Wed, 10 Mar 2021 19:01:02 +0000

Dalton 3.0.0 has been released – https://github.com/secureworks/dalton

Dalton is a system that allows a user to quickly and easily run network packet captures (“pcaps”) against an intrusion detection system (“IDS”) sensor of his or her choice (e.g. Snort, Suricata) using defined rulesets and/or bespoke rules. It also includes a wizard-like web interface for Flowsynth (https://github.com/secureworks/flowsynth) to facilitate custom pcap creation.

This release contains a number of tweaks and back-end updates. Some notable changes:

 * Move to Python 3 from Python 2.
 * Better Suricata EVE log support in UI now that unified2 is no longer
   supported with Suricata v6; can format/highlight, view in “dark
   mode”, and download directly from the UI.
 * Support for running jobs using Suricata socket control, enabled by
   default. Now Suricata doesn’t have to restart (load config,
   rules, etc.) between jobs if the config and rules stay the same.
 * Ability to easily enable SSL/TLS on the Controller.
 * Additions, updates, and fixes to the API to reduce complexity and
   make it work as expected.
 * Can now submit multiple pcaps (or an archive with multiple pcaps)
   and have them processed as individual jobs.
 * Display the number of alerts for finished jobs on the Queue page.
 * Ubuntu docker containers now use 18.04.
 * Use more recent versions of libraries, e.g. flask, jquery, etc.
 * Minor UI reorganization. Variables are no longer bifurcated from the
   rest of the config.
 * Dalton agent now has a configurable “config” parameter that it can
   submit to tell the controller which config to use.
 * Updated documentation to reflect current reality.
 * Sundry other bug fixes and enhancements.

I hope you find it useful.

-David Wharton

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs