Snort mailing list archives
Dalton 3.0.0 released
From: David Wharton <snort-sigs () davidwharton us>
Date: Wed, 10 Mar 2021 19:01:02 +0000
Dalton 3.0.0 has been released – https://github.com/secureworks/daltonDalton is a system that allows a user to quickly and easily run network packet captures (“pcaps”) against an intrusion detection system (“IDS”) sensor of his or her choice (e.g. Snort, Suricata) using defined rulesets and/or bespoke rules. It also includes a wizard-like web interface for Flowsynth (https://github.com/secureworks/flowsynth) to facilitate custom pcap creation.
This release contains a number of tweaks and back-end updates. Some notable changes:
* Move to Python 3 from Python 2. * Better Suricata EVE log support in UI now that unified2 is no longer supported with Suricata v6; can format/highlight, view in “dark mode”, and download directly from the UI. * Support for running jobs using Suricata socket control and enabled it by default. Now Suricata doesn’t have to restart (load config, rules, etc.) between jobs if the config and rules stay the same. * Ability to easily enable SSL/TLS on the Controller. * Additions, updates, and fixes to the API to reduce complexity and make it work as expected. * Can now submit multiple pcaps (or an archive with multiple pcaps) and have them processed as individual jobs. * Display the number of alerts for finished jobs on the Queue page. * Ubuntu docker containers now use 18.04. * Use more recent versions of libraries, e.g. flask, jquery, etc. * Minor UI reorganization. Variables are no longer bifurcated from the rest of the config. * Dalton agent now has configurable “config” parameter that it can submit to tell controller which config to use. * Updated documentation to reflect current reality. * Sundry other bug fixes and enhancements. I hope you find it useful. -David Wharton
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Dalton 3.0.0 released David Wharton (Mar 10)