Snort 3.0 Architecture Series Part 2: Changes and Betas
Things have changed a bit in the Snort 3.0 world since my last post, so I thought I'd provide an update as a foundation for moving forward with this "series". I promise it'll be more than one article!
In Part 1 I discussed the architecture of the Snort 3.0 technology, and since then there have been some changes. The largest change has been organizational in nature. We've decided to name the core system framework separately from the overall project, since you can do more than just Snort-style intrusion detection with it. So, from now on, we'll be calling the software framework SnortSP (the Snort Security Platform), and the engines will be named separately. The overall architectural umbrella that this all lives under is still going to be called the "Snort 3 Architecture"; it will consist of different software components, chief among them SnortSP and the engine modules that utilize it.
Here's a handy reference diagram:
Ok, now that that's out of the way, let's talk about the beta. On June 30th we released the initial open source beta of SnortSP and the Snort 2.8.2 Engine. It's located at http://www.snort.org/dl/snortsp. To date we have done three releases of the code base, with progressive versions nailing down loose ends and fixing compilation issues and the like.
We would love any feedback that people have on the betas. If you're a Snort fan you should definitely check it out and start getting your feet wet; this is the future of Snort!
For my next post I'll be spending some time talking about the SnortSP command shell and some neat stuff you can do with it!