intrusion detection: multi-pattern matcher option #1050

fichtner · 2016-07-05T13:54:40Z

Hi Ad,

Hyperscan support is coming to our Suricata 3.1, for that we need to set something in suricata.yaml:

mpm-algo: hs

The current default is: "ac" (Aho-Corasick)
The new option is: "hs" (Hyperscan)

For this we need a select box in the GUI.

Cheers,
Franco

The text was updated successfully, but these errors were encountered:

L1ghtn1ng · 2016-07-05T14:39:19Z

Will hyperscan be able to run on an a10? Also with 16.7 is it going to be the default now?

fichtner · 2016-07-05T14:40:56Z

yes. no. I'm unsure how / if this performs on i386.

L1ghtn1ng · 2016-07-05T15:00:01Z

Well the a10 is 64 bit so that is fine for me as I will not have to worry about that

L1ghtn1ng · 2016-07-05T15:00:51Z

But would be awesome if this can become the default though

fichtner · 2016-07-05T15:03:14Z

I know, but there are others and this is free software for many platforms. According to the website below, 32 bit is fine.

It doesn't need to be a default. We start shipping the support, the setting will be permanent. Done. :)

L1ghtn1ng · 2016-07-05T15:26:08Z

Awesome and performance for the win while maintaining security I like it

fichtner added the feature Adding new functionality label Jul 5, 2016

fichtner added this to the 16.7 milestone Jul 5, 2016

fichtner assigned fichtner and AdSchellevis and unassigned fichtner Jul 5, 2016

AdSchellevis closed this as completed in a4956c0 Jul 10, 2016

Provide feedback