FasterUP
Unified Threat Management Features
- Network Intrusion Detection System (NIDS) engine
- Network Intrusion Prevention System (NIPS) engine
- Network Security Monitoring (NSM) engine
- Offline analysis of PCAP files
- Advanced integration with Linux Netfilter firewalling
- Traffic recording using pcap logger
- Unix socket mode for automated PCAP file processing
- Linux
- FreeBSD
- OpenBSD
- macOS / Mac OS X
- Windows
- YAML, XML config files – human and machine readable
- well commented and documented
- support for including other files
- Scalable flow engine
- Full IPv6 support
- Tunnel decoding
- Teredo
- IP-IP
- IP6-IP4
- IP4-IP6
- GRE
- TCP stream engine
- tracking sessions
- stream reassembly
- target based stream reassembly
- IP Defrag engine
- target based reassembly
- Support for packet decoding of
- IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE
- Ethernet, PPP, PPPoE, Raw, SLL, VLAN, QINQ, MPLS, ERSPAN
- App layer decoding of:
- HTTP, SSL, TLS, SMB, DCERPC, SMTP, FTP, SSH, DNS, Modbus, ENIP/CIP, DNP3, NFS, NTP, DHCP, TFTP, KRB5, IKEv2
- New protocols developed in the Rust language, for safe and fast decoding.
- Stateful HTTP parser built on libhtp
- HTTP request logger
- File identification, extraction and logging
- Per server settings
- limits, personality etc
- Keywords to match on (normalized) buffers:
- uri and raw uri
- headers and raw headers
- cookie
- user-agent
- request body and response body
- method, status and status code
- host
- request and response lines
- decompress flash files
- and many more
- Protocol keywords
- Multi-tenancy per vlan or capture device
- xbits – flowbits extension
- PCRE support
- substring capture for logging in EVE
- fast_pattern and prefilter support
- Rule profiling
- File matching
- file magic
- file size
- file name and extension
- file MD5/SHA1/SHA256 checksum – scales up to millions of checksums
- multiple pattern matcher algorithms that can be selected
- extensive tuning options
- live rule reloads – use new rules w/o restarting Suricata
- delayed rules initialization
- Lua scripting for custom detection logic
- Hyperscan integration
- Eve log, all JSON alert and event output
- Lua output scripts for generating your own output formats
- Redis support
- HTTP request logging
- TLS handshake logging
- Unified2 output – compatible with Barnyard2
- Alert fast log
- Alert debug log – for rule writers
- Traffic recording using pcap logger
- Prelude support
- drop log – netfilter style log of dropped packets in IPS mode
- syslog – alert to syslog
- stats – engine stats at fixed intervals
- File logging including MD5 checksum in JSON format
- Extracted file storing to disk, with deduplication in the v2 format
- DNS request/reply logger, including TXT data
- Signal based Log rotation
- Flow logging
- per rule alert filtering and thresholding
- global alert filtering and thresholding
- per host/subnet thresholding and rate limiting settings
- High performance capture
- AF_PACKET
- experimental eBPF and XDP modes available
- PF_RING
- NETMAP
- Standard capture
- PCAP
- NFLOG (netfilter integration)
- IPS mode
- Netfilter based on Linux (nfqueue)
- fail open support
- ipfw based on FreeBSD and NetBSD
- AF_PACKET based on Linux
- NETMAP
- Capture cards and specialized devices
- Endace
- Napatech
- Tilera
- fully configurable threading – from single thread to dozens of threads
- precooked “runmodes”
- optional CPU affinity settings
- Use of fine grained locking and atomic operations for optimal performance
- Optional lock profiling
- loading of large amounts of host based reputation data
- matching on reputation data in the rule language using the “iprep” keyword
- live reload support
- supports CIDR ranges
- VPN Server
- High Availability
- Load Balancing
- Traffic Shaping
- Captive Portal
- UTM Device
- Firewall / Router
- DNS / DHCP Server
- IDS / IPS
- Transparent Caching Proxy
- Web Content Filter
- And more
- Local user and group database
- User and group-based privileges
- Optional automatic account expiration
- External RADIUS authentication
- Automatic lockout after repeated attempts
- Stateful Packet Inspection (SPI)
- GeoIP blocking
- Anti-Spoofing
- Time based rules
- Connection limits
- Dynamic DNS
- Reverse proxy
- Captive portal guest network
- Supports concurrent IPv4 and IPv6
- NAT mapping (inbound/outbound)
- VLAN support (802.1q)
- Configurable static routing
- IPv6 network prefix translation
- IPv6 router advertisements
- Multiple IP addresses per interface
- DHCP server
- DNS forwarding
- Wake-on-LAN
- PPPoE Server
- IPsec and OpenVPN
- Site-to-site and remote access VPN support
- SSL encryption
- VPN client for multiple operating systems
- L2TP/IPsec for mobile devices
- Multi-WAN for failover
- IPv6 support
- Split tunneling
- Multiple tunnels
- VPN tunnel failover
- NAT support
- Automatic or custom routing
- Local user authentication or RADIUS/LDAP
- Snort-based packet analyzer
- Layer 7 application detection
- Multiple rules sources and categories
- Emerging threats database
- IP blacklist database
- Pre-set rule profiles
- Per-interface configuration
- Suppressing false positive alerts
- Deep Packet Inspection (DPI)
- Optional open-source packages for application blocking
- HTTP and HTTPS proxy
- Non Transparent or Transparent caching proxy
- Domain/URL filtering
- Anti-virus filtering
- SafeSearch for search engines
- HTTPS URL and content screening
- Website access reporting
- Domain Name blacklisting (DNSBL)
- Usage reporting for daily, monthly, etc.
- Dashboard with configurable widgets
- Local logging
- Remote logging
- Local monitoring graphs
- Real-time interface traffic graphs
- SNMP monitoring
- Notifications via web interface, SMTP, or Growl
- Hardware monitoring
- Networking diagnostic tools
- stateful packet inspection
- Layer-7 protocol detection
- peer-to-peer protocols filtering
- traffic classification by:
- source MAC address
- IP addresses (network or list) and address types (broadcast, local, multicast, unicast)
- port or port range
- IP protocols
- protocol options (ICMP type and code fields, TCP flags, IP options and MSS)
- interface the packet arrived from or left through
- internal flow and connection marks
- DSCP byte
- packet content
- rate at which packets arrive and sequence numbers
- packet size
- packet arrival time
- and much more!
get in touch
Contact us for a personalised offer
7 Soldat Neagu Florea St.
sector 2, Bucharest, Romania
info@fasterup.com