Snort 3.0 Architecture Series Part 2: Changes and Betas

Things have changed a bit in the Snort 3.0 world since my last post so I thought I'd provide an update as a foundation for moving forward with this "series". I promise it'll be more than one article!

In Part 1 I discussed the architecture of the Snort 3.0 technology and since then there have been some changes. The largest change has been organizational in nature. We've decided to name the core system framework apart from the overall project since you can do more than just Snort-style intrusion detection with it. So, as a result from now on we'll be calling the software framework SnortSP (the Snort Security Platform) and then the engines will be named separately. The overall architectural umbrella that this all lives under is still going to be called the "Snort 3 Architecture" and it will consist of different software components, chief among them will be SnortSP and the engine modules that utilize it.