This is the first beta release built on the new Snort 3.0 architecture which consists of two primary components: a software platform called the Snort Security Platform (SnortSP) 3.0, which is shipping in beta form in this release, and traffic analysis engine modules that plug into SnortSP.
This beta test release contains one engine module which contains the Snort 2.8.2 detection engine implemented as a SnortSP engine module. SnortSP is an open-source platform for running packet-based network security applications. It provides many of the common functions required by programs that deal with packet processing such as configuration loading, event generation and traffic logging, data acquisition, protocol decoding and validation, flow management, and more.
- Shell-based user interface with embedded scripting language
- Native IPv6, MPLS and GRE support
- Native support for inline operation
- More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
- Multithreaded execution model – multiple analysis engines may operate simultaneously on the same traffic
- Performance increases.
The purpose of this beta release is to allow people to get exposure to the technology and to use the code in real-world environments – and as an opportunity to solicit feedback on the design and user experience of the new Snort code.
SnortSP is available as a direct download here.